Subject: Re: [PATCH setup 06/11] Enable SeCreateSymbolicLink privilege
From: Jon Turney
To: "cygwin-apps@cygwin.com"
Date: Tue, 14 Sep 2021 12:53:28 +0100

On 11/08/2021 09:46, Corinna Vinschen via Cygwin-apps wrote:
> On Aug 10 18:02, Jon Turney wrote:
>> I'm not sure if SeCreateSymbolicLink privilege can get removed by UAC
>> filtering, but to make sure to enable it, if we can.
>
> I'm not sure this is required. This is one of the privileges which is
> enabled automatically on usage if it's present in the token and not
> marked as "deny only". UAC removes the privilege entirely from the
> token, so you can't enable it in that case.

Yes, looking into this nonsense a bit more, that's correct. I'll change this to just log the availability of that privilege.
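
The presence check discussed in this thread can be reproduced from a PowerShell prompt. This is an added example, not code from the thread or from Cygwin setup; it relies on the stock `whoami.exe` tool, and the function names `Get-TokenPrivilege` and `Test-Elevated` are hypothetical.

```powershell
# Added example: report whether SeCreateSymbolicLinkPrivilege is present in
# the current process token, and whether the process is running elevated.
$PrivilegeName = 'SeCreateSymbolicLinkPrivilege'

function Get-TokenPrivilege {
    param([Parameter(Mandatory)][string]$Name)
    # /fo csv /nh prints CSV without the header row, so the column names are
    # supplied here: privilege name, description, state.
    $rows = & whoami.exe /priv /fo csv /nh |
        ConvertFrom-Csv -Header 'Name', 'Description', 'State'
    # Returns $null when the privilege is not listed in the token at all.
    $rows | Where-Object { $_.Name -eq $Name } | Select-Object -First 1
}

function Test-Elevated {
    # True when the current token carries the Administrators group as enabled.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$priv = Get-TokenPrivilege -Name $PrivilegeName
$elevated = Test-Elevated

if ($null -eq $priv) {
    # Absent from the token: nothing inside this process can enable it.
    Write-Output ('{0}: not present in token (elevated={1})' -f $PrivilegeName, $elevated)
} else {
    # Present: report the state string exactly as whoami prints it.
    Write-Output ('{0}: present, state "{1}" (elevated={2})' -f $PrivilegeName, $priv.State, $elevated)
}
```

Running it once from a normal prompt and once from an elevated prompt under the same administrator account shows the difference between the filtered and the full token.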