This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Switching the user context -- SeAssignPrimaryTokenPrivilege required
On Fri, 9 Jun 2017 11:00:36, Corinna Vinschen wrote:
[snip]
> You're not supposed to do that. setuid() is a privileged call, so it's
> supposed to be called by a privileged process only. Do not add these
> permissions to a normal user account unless you exactly know what you're
> doing security-wise.
No, indeed, one is not supposed to do that (permanently assign this privilege
to a regular user account). Definitely. Absolutely ...
I only intended to demonstrate the essence (gist?) of the subparagraph:
user context switch => CreateProcessAsUser()
Without the invocation of CreateProcessAsUser() there is no context switch.
Regards,
Henri
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple