[Patch] Allow to disable root privileges with CYGWIN=noroot

Christian Franke Christian.Franke@t-online.de
Sun Oct 4 19:08:00 GMT 2009

Hi Corinna,

Corinna Vinschen wrote:
> New patch attached.  I made the test a bit more foolproof, hopefully.
> And a restricted token does not require to load the user's registry hive,
> nor should Cygwin try to enable the backup/restore permissions in the
> new token.  That spoils the idea of a restricted token a bit...
> ...


> +  bool request_restricted_uid_switch =
> +     uid == myself->uid
> +     && (   (cygheap->user.external_token != NO_IMPERSONATION
> +	     && IsTokenRestricted (cygheap->user.external_token))
> +	 || (cygheap->user.external_token == NO_IMPERSONATION
> +	     && cygheap->user.issetuid ()
> +	     && IsTokenRestricted (cygheap->user.curr_primary_token)));
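
Review bot: Both branches of the condition on the `+` lines decide via IsTokenRestricted(), which reports only tokens that carry restricting SIDs, so a token narrowed solely by disabled groups or removed privileges leaves request_restricted_uid_switch false. Consider letting the caller mark the token as restricted explicitly instead of inferring it from the token. A short comment above the declaration would also help, saying that external_token is examined when it is set and curr_primary_token only when it is NO_IMPERSONATION and issetuid () holds.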

Unfortunately this does not work for a typical use case: an admin 
process creates a restricted token with standard user rights. The 
function IsTokenRestricted() returns TRUE only if the token contains 
'restricted SIDs'.

Test with tokens returned by SaferComputeTokenFromLevel():


BTW: Only NORMALUSER works for Cygwin. Using DropMyRights.exe to 
start a Cygwin process with a CONSTRAINED token results in:

5 [sig] true 3788 C:\cygwin-1.7\bin\true.exe:
   *** fatal error - couldn't create signal pipe, Win32 error 5

There is apparently no function to check whether a token is a result of 
CreateRestrictedToken() or SaferComputeTokenFromLevel().

Wouldn't it be easier to add a new function 
'cygwin_set_restricted_token(token)' instead of the test of the token type?

