[Patch] Allow to disable root privileges with CYGWIN=noroot

Corinna Vinschen corinna-cygwin@cygwin.com
Wed Oct 7 08:21:00 GMT 2009

On Oct  6 22:15, Christian Franke wrote:
> Corinna Vinschen wrote:
>> ...and maybe it's time to create a cygwin_internal call which replaces
>> cygwin_set_impersonation_token and deprecate cygwin_set_impersonation_token
>> in the long run.  So, instead of the above we could have this call
>> taking a HANDLE and a BOOL value:
>>   cygwin_internal (CW_SET_EXTERNAL_TOKEN, token_handle, restricted?);
> OK.
> I have a very first experimental version which works for me. It also 
> requires a new flag 'cygheap->user.is_restricted_token' to tell 
> spawn_guts() to use CreateProcessAsUser().
> I will post the patch in a few days.
> A question:
> Why does seteuid32() call 'set_cygwin_privileges ()' on 'curr_imp_token' 
> and not on 'curr_primary_token' ? The curr_primary_token is used for 
> impersonation and therefore the privileges are not set for the thread 
> itself.

Oops.  Thanks for catching.  I applied a patch.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

More information about the Cygwin-patches mailing list