This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: I'd like to have an unreadable file


Tim McDaniel <tmcd <at> panix.com> writes:

> 
> On Thu, 30 Apr 2009, Larry Hall wrote:
> > It's a known fact that Cygwin allows users that are members of the
> > Administrators group access to any file, regardless of its
> > permissions.
> 
> Thank you for the quick reply.  (Though I find it scary that Cygwin
> can escalate privileges so very much.)

Cygwin is not escalating privileges.  Rather, what is scary is that Windows
provides that many privileges to administrators in the first place (in the case
of reading a file with no explicit read permissions, it is the read-with-intent-
to-backup privilege that lets you in).  It's just that most Windows apps don't
exploit those privileges as readily as cygwin.  Now think of how many users run
with administrator privileges by default (much higher than the number of people
who run Unix with root privileges by default).  No wonder virus writers like
Windows.

> 
> I guess the workaround would be to simply test the script by running
> as a user who is not in the Administrators group.

Yes - if you want to avoid superuser privileges, then don't log in as a 
superuser.

-- 
Eric Blake
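
Added example, not part of the original message or of Cygwin itself: a guard a test script can run before relying on "permission denied" for a mode-000 file, combining the Administrators-group check discussed above with a direct probe. It assumes Cygwin's default mapping of BUILTIN\Administrators to gid 544 and the Windows `whoami /priv` output layout; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Guard for test scripts that expect "permission denied" on a mode-000 file.

# Assumption: Cygwin's default mapping gives BUILTIN\Administrators gid 544.
ADMIN_GID=544

# has_admin_gid "<gid list from id -G>": true if the list contains gid 544.
has_admin_gid() {
    for gid in $1; do
        [ "$gid" = "$ADMIN_GID" ] && return 0
    done
    return 1
}

# has_backup_priv "<text of Windows whoami /priv>": true if SeBackupPrivilege
# is listed. A privilege shown as Disabled is still held by the token and can
# be enabled by a process, so presence, not state, is what matters.
has_backup_priv() {
    printf '%s\n' "$1" | awk '$1 == "SeBackupPrivilege" { f = 1 } END { exit !f }'
}

# mode0_is_readable: empirical probe. Creates a file, clears every permission
# bit and tries to read it. True means file modes do not stop this account.
mode0_is_readable() {
    probe=$(mktemp) || return 2
    echo secret > "$probe"
    chmod 000 "$probe"
    if cat "$probe" > /dev/null 2>&1; then rc=0; else rc=1; fi
    rm -f "$probe"
    return "$rc"
}

# Constructed sample of `whoami /priv` output for an administrator's token.
SAMPLE_PRIV='Privilege Name                Description                    State
============================= ============================== ========
SeBackupPrivilege             Back up files and directories  Disabled
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled'

# permission_tests_valid "<gids>" "<priv text>": true only when the admin
# group and the backup privilege are both absent and the probe is denied.
permission_tests_valid() {
    has_admin_gid "$1" && return 1
    has_backup_priv "$2" && return 1
    mode0_is_readable && return 1
    return 0
}

# Demo on the constructed sample; on a real host pass the live whoami output.
if permission_tests_valid "$(id -G)" "$SAMPLE_PRIV"; then
    echo "permission tests are meaningful"
else
    echo "skip: this account can bypass file permissions"
fi
```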



