[Patch] Allow to disable root privileges with CYGWIN=noroot
Sat Oct 17 12:19:00 GMT 2009
Corinna Vinschen wrote:
> I have a self-hacked version of such a tool which you can download
> from here: http://cygwin.de/gettokinfo/
> `gettokinfo' prints everything except for the list of user rights.
> `gettokinfo foo' prints everything including the user rights.
Thanks. I added option -t to print the thread token, patch is attached.
Observation: When Cygwin spawns a process with CreateProcessAsUser(),
the child process main thread has a token after startup.
$ ./gettokinfo -t
$ ./cygdrop ./gettokinfo -t
Impersonation Level: SecurityImpersonation
The problem is that some calls (from _cygtls?) to user.reimpersonate()
appear between startup and uinfo_init(). uinfo_init() does not call
RevertToSelf() after closing the inherited token.
@@ -155,7 +161,7 @@ uinfo_init ()
cygheap->user.curr_token_is_restricted = false;
cygheap->user.setuid_to_restricted = false;
cygheap->user.set_saved_sid (); /* Update the original sid */
- cygheap->user.reimpersonate ();
+ cygheap->user.deimpersonate ();
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1271 bytes
Desc: not available
More information about the Cygwin-patches