
Re: Switching the user context -- SeAssignPrimaryTokenPrivilege required




On Fri, 9 Jun 2017 11:00:36, Corinna Vinschen wrote:

[snip]
> You're not supposed to do that.  setuid() is a privileged call, so it's
> supposed to be called by a privileged process only.  Do not add these
> permissions to a normal user account unless you exactly know what you're
> doing security-wise.

No, indeed, one is not supposed to do that (permanently assign this privilege
to a regular user account). Definitely. Absolutely ...

I only intended to demonstrate the essence (gist?) of the subparagraph:

    user context switch => CreateProcessAsUser()

Without the invocation of CreateProcessAsUser() there is no context switch.

Regards,
Henri
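
Added example, not part of the original message or of Cygwin's code: a PowerShell check, run from an elevated prompt, that lists which principals hold SeAssignPrimaryTokenPrivilege in the local security policy and marks any beyond the two service accounts that hold it by default. The `$expected` baseline and the temporary file name are assumptions of this example.

```powershell
# Added example: audit who holds SeAssignPrimaryTokenPrivilege
# ("Replace a process level token") in the local security policy.
$right    = 'SeAssignPrimaryTokenPrivilege'
# Assumption: baseline is the Windows default, LOCAL SERVICE and NETWORK SERVICE.
$expected = @('S-1-5-19', 'S-1-5-20')

$cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
try {
    # Export only the user-rights area of the local policy to an INF file.
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }

    # The line looks like: SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
    $line = Get-Content -Path $cfg |
        Where-Object { $_ -match "^\s*$right\s*=" } |
        Select-Object -First 1

    $entries = @()
    if ($line) {
        $entries = ($line -split '=', 2)[1].Split(',') |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ }
    }

    $report = foreach ($entry in $entries) {
        # secedit prefixes SIDs with '*'; entries without it are plain account names.
        $sid = $null
        $name = $entry
        if ($entry.StartsWith('*')) {
            $sid = $entry.TrimStart('*')
            try {
                $name = ([Security.Principal.SecurityIdentifier]$sid).Translate(
                    [Security.Principal.NTAccount]).Value
            } catch { $name = '(unresolved SID)' }
        }
        [pscustomobject]@{
            Principal  = $name
            Sid        = $sid
            Unexpected = ($expected -notcontains $sid)   # outside the baseline: review it
        }
    }

    $report | Format-Table -AutoSize
    if ($report | Where-Object Unexpected) {
        Write-Warning "$right is assigned outside the default service accounts."
    }
}
finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}
```

Entries marked Unexpected are candidates for review rather than proof of misconfiguration, since some installed services are granted this right legitimately.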

