This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Using native symlinks

On May 30 09:28, Jeffrey Altman wrote:
> On 5/30/2013 5:03 AM, Corinna Vinschen wrote:
> > On the other hand, in the same situation the UAC-crippled admins's token
> > does not contain the "Create symbolic links" right:
> > 
> >   $ /cygdrive/c/Windows/System32/whoami /priv
> > 
> >   ----------------------
> > 
> >   Privilege Name                Description                          State
> >   ============================= ==================================== ========
> >   SeShutdownPrivilege           Shut down the system                 Disabled
> >   SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
> >   SeUndockPrivilege             Remove computer from docking station Disabled
> >   SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
> >   SeTimeZonePrivilege           Change the time zone                 Disabled
> > 
> > I also changed the "Create symbolic links" policy so that the "Users"
> > group is the only group getting this right.  In other words, I removed
> > the "Administrators" group entirely, logged off, logged on, and the
> > result was the same as above.
> > 
> > This is a bug in UAC if you ask me.  It seems to remove privileges from
> > the UAC-crippled admin's token based on a fixed internal list, totally
> > ignorant of changes in the security policy.
> This is a design flaw but it is working as documented.   Administrators have
> SeCreateSymbolicLinkPrivilege by default so UAC removes it.   What UAC
> should
> do in my opinion is not remove a static list of permissions but only
> remove those permissions that are not granted to standard users.



Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]