This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: No effect of SE_BACKUP_NAME privilege on cygwin?


Corinna Vinschen wrote:
On Mar 1 20:28, Christian Franke wrote:
Enabling SE_BACKUP_NAME has no effect for cygwin programs.

You're expecting that you can use Windows functions in a POSIX application without disturbing the way Cygwin works. That's a bit dangerous.

Agree.


(I tried to add a "regtool save ..." action to allow backup of registry hives from scripts.
This calls RegSaveKey which needs SE_BACKUP_NAME.)



A Cygwin application's main thread is not running under the
process token, but under a derived impersonation token. This is true
for every thread in Cygwin. So, instead of using OpenProcessToken, you
should be able to accomplish what you want by calling OpenThreadToken.

Yes, it works, thanks!


Already tried this before but gave up too early, because it didn't work in the non-cygwin version ;-)
I didn't realize that the main thread has no token by default...



However, I'm wondering if a Cygwin application should always try by
itself to request the SE_BACKUP_NAME privilege. It would simplify file
access for all privileged processes. Hmm.

Sounds reasonable. SE_RESTORE_NAME is requested somewhere in the code, but not SE_BACKUP_NAME.

Christian


-- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]