[cvsnt] Re: cygwin ssh server and author being set to SYSTEM
Tony Hoyle
tmh at nodomain.org
Thu Jan 8 10:11:07 GMT 2004
Pavel Goran wrote:
> There must be a possibility for some kind of communication between a
> process and the module (for example, a process can create a named pipe
> and pass its name to the package as a password). Provided that
> communication is possible, the package can create a named pipe (and
> thus become the "named pipe server"), instruct the process to open it
> (which thus becomes the "named pipe client"), impersonate the process'
> user by calling ImpersonateNamedPipeClient(), and actually try
> NtCreateToken() (and maybe other calls).
>
There are many pipes that are opened by the system user... (LSASS is one
I think) it'd be trivial to pass one of those.
I'm not really prepared to take the risk. Luckily it's not a cvsnt
problem - even if I implemented something only cygwin can make the
decision whether to use it.
Tony
More information about the cvsnt
mailing list