cannot run setup64.exe without admin privileges (even if renamed foo.exe)

Corinna Vinschen corinna-cygwin@cygwin.com
Tue Oct 15 12:22:00 GMT 2013 

Hi Shaddy,

On Oct 15 21:21, Shaddy Baddah wrote:
> Hi Corinna,
> 
> On 15/10/13 20:08, Corinna Vinschen wrote:
> >[...]
> >Assuming setup would get an "asInvoker" manifest, so it runs with the
> >privileges of the current user.  First thing it would check its user
> >token.  There are three cases:
> >
> >- When started by a non-admin user, the user token would contain no
> >   trace of the administrators group in the user token group list.
> >   In this case, setup would just run along as usual for the current user.
> >
> >- When started elevated (with "Run as administrator...", for instance),
> >   the user token group list would contain the administrators group,
> >   enabled.  So setup knows it has admin rights anyway and just runs along
> >   as in the non-admin user case.  So, in fact, these two cases are just
> >   one case.
> >
> >- Now, when started by an admin user, but not elevated, the group list
> >   would contain the administrators group, too, but with the "Use for
> >   deny only" flag set.  If setup recognizes this flag, rather than running
> >   along, it calls ShellExecute on itself, with the "runas" flag set.
> >   So it elevates a copy of itself and just exits.  The elevated copy
> >   then runs as usual.
> >
> >The only downside with this concept, as far as I can see, is, somebody
> >would have to implement it...
> >
> >Does that sound feasible?
> 
> I apologise... I've been sitting on an almost-there implementation of
> this for almost two weeks, waiting for a moment to polish it properly
> for patch submission.
> 
> I can't elaborate on the pros and cons of the patch at the moment, as
> I am accessing my desktop remotely. But I will follow-up later tonight
> with more details.

thanks for letting us know and your patch.  I had a look and it looks
good for a start.  You just call the CheckTokenMembership function,
though.  The problem is, you won't know if the process has been started
by a non-admin or by an admin without elevation.  So you always call
ShellExecute if setup is started without admin rights, for non-admins
and non-elevated admins alike, unless the --no-admin option is given.

Is that what we want?  Or should the process only be elevated when
started by a non-elevated admin as I proposed.  I'm not sure, really.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-apps/attachments/20131015/0fd003ad/attachment.sig>

More information about the Cygwin-apps mailing list