This is the mail archive of the
mailing list for the Cygwin project.
Re: security.cc: bug report, question and suggestion
Corinna Vinschen wrote:
> That sounds weird, though. It doesn't make sense. The DACL
> for the token only sets the permissions for accessing the token
> and not for accessing other objects.
> OTOH..., if the process can't access the token it doesn't know about
> it's own permissions. But why should only accessing a registry key
> be affected and not accessing files?!?
I agree it doesn't make sense and it's all Microsoft's doing...
By the way, do you know why LookupAccountSid() returns different
values when the sid is impersonated and when it isn't. Like:
In impersonated token created in a process launched by Phumblet
/******************* Token User */
PHumblet WIRELESS SidTypeUser <==== ?????
S-1-5-21-2127391503-1594901184-99485923-1004 <==== impersonated sid
the (account) name PHumblet doesn't match the sid's username here.
It would if the process was launched directly by the user
(instead of being impersonated).
> The latter call is the one I added to the DuplicateTokenEx() call
> to create this sort of SA with five SIDs, the current user, the
> impersonated user (additional SID parameter), admins, system and
What you do is essentially the same as what I tried, except you
put the sa, sd and dacl in a contiguous memory buffer. My code
(which also didn't have any effects) was using pointers from sa to sd
and from sd to the dacl (thus spread in 3 different memory blocks).
> And you say that this doesn't help at all? Hmm, I will have to
> debug that further. SIGH!
Instead of debugging DuplicateTokenEx() it may be simpler (but
less efficient) to set the sd DACL in seteuid(), after the
call to ImpersonateLoggedOnUser(). That's essentially what
my call is doing when NULLing the DACL (see previous mail).
It would also take care of the subauthentication case.
I haven't looked at that at all.
> Could you send your minimal testcase, please?
Yes, but perhaps not before Monday.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html