Hi Corinna,
Corinna Vinschen wrote:
New patch attached. I made the test a bit more foolproof, hopefully.
And a restricted token does not require to load the user's registry hive,
nor should Cygwin try to enable the backup/restore permissions in the
new token. That spoils the idea of a restricted token a bit...
...
Thanks!
+ bool request_restricted_uid_switch =
+ uid == myself->uid
+ && ( (cygheap->user.external_token != NO_IMPERSONATION
+ && IsTokenRestricted (cygheap->user.external_token))
+ || (cygheap->user.external_token == NO_IMPERSONATION
+ && cygheap->user.issetuid ()
+ && IsTokenRestricted (cygheap->user.curr_primary_token)));
Unfortunately this does not work for a typical use case: an admin
process creates a restricted token with standard user rights. The
function IsTokenRestricted() returns TRUE only if the token contains
'restricted SIDs'.
(http://msdn.microsoft.com/en-us/library/aa379137(VS.85).aspx)
Test with tokens returned by SaferComputeTokenFromLevel():
(http://msdn.microsoft.com/en-us/library/ms972827.aspx)
SAFER_LEVELID_NORMALUSER: IsTokenRestricted()=FALSE
SAFER_LEVELID_CONSTRAINED: IsTokenRestricted()=TRUE
SAFER_LEVELID_UNTRUSTED: IsTokenRestricted()=TRUE
BTW: Only NORMALUSER is works for Cygwin. Using DropMyRights.exe to
start of a Cygwin process with a CONTRAINED token results in:
5 [sig] true 3788 C:\cygwin-1.7\bin\true.exe:
*** fatal error - couldn't create signal pipe, Win32 error 5
There is apparently no function to check whether a token is a result of
CreateRestrictedToken() or SaferComputeTokenFromLevel().
Would'nt it be easier to add a new function
'cygwin_set_restricted_token(token)' instead of the test of the token type?
Christian
