This is the mail archive of the
cygwin-patches
mailing list for the Cygwin project.
Re: [Patch] Allow to disable root privileges with CYGWIN=noroot
On Oct 17 14:19, Christian Franke wrote:
> Observation: When Cygwin spawns a process with CreateProcessAsUser(), the
> child process main thread has a token after startup.
>
> $ ./gettokinfo -t
> OpenThreadToken: 1008
>
> $ ./cygdrop ./gettokinfo -t
> Thread Token
> Type: Impersonation
> Impersonation Level: SecurityImpersonation
> ...
>
> The problem is that some calls (from _cygtls?) to user.reimpersonate()
> appear between startup and uinfo_init(). uinfo_init() does not call
> RevertToSelf() after closing the inherited token.
>
> Quick fix:
>
> @@ -155,7 +161,7 @@ uinfo_init ()
> cygheap->user.curr_token_is_restricted = false;
> cygheap->user.setuid_to_restricted = false;
> cygheap->user.set_saved_sid (); /* Update the original sid */
> - cygheap->user.reimpersonate ();
> + cygheap->user.deimpersonate ();
> }
>
> Typo ?
Oversight, it seems. The reimpersonate call was ok in Cygwin 1.5 since
the process was always running under an impersonation token and
reimpersonate() looked different back then.
Thanks for catching!
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat