[cvsnt] Re: cygwin ssh server and author being set to SYSTEM
Tony Hoyle
tmh at nodomain.org
Wed Jan 7 17:26:31 GMT 2004
On Wed, 7 Jan 2004 23:22:28 +0600, Pavel Goran <pvgoran.ml at macondo.ru>
wrote:
>The authentication module could just check if the calling process has
>enough priveleges to use NtCreateToken() and impersonate an user via
>the obtained access token - that is, if the process can make use of
>the currently used (in CygWin) "broken" impersonation. If this is the
>case, the authentication module could safely proceed with doing
>whatever is needed for "normal", non-broken impersonation.
>
You can't do that with a subauth module - you get no information about
the calling process or privileges of said process.
Tony
More information about the cvsnt
mailing list