supplement cygwin_logon_user with CreateProcessWithLogonW?

supplement cygwin_logon_user with CreateProcessWithLogonW?

[Chris January]

On Windows 2000, no extra privileges are needed to run
CreateProcessWithLogonW (as opposed to the LogonUser / CreateProcessAsUser)
combination. This is because CreateProcessWithLogonW utilises the RunAs
(2000)/SecondaryLogon (XP) service. Would it make sense to modify Cygwin so
this could be used in place of cygwin_logon_user if one so wished? If so,
I'll go about creating a patch.

Chris


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

RE: supplement cygwin_logon_user with CreateProcessWithLogonW?

[Bobby McNulty Junior]

Sounds good to me. 



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: supplement cygwin_logon_user with CreateProcessWithLogonW?

[Corinna Vinschen]

On Sat, Sep 14, 2002 at 10:46:33PM +0100, Chris January wrote:
> On Windows 2000, no extra privileges are needed to run
> CreateProcessWithLogonW (as opposed to the LogonUser / CreateProcessAsUser)
> combination. This is because CreateProcessWithLogonW utilises the RunAs
> (2000)/SecondaryLogon (XP) service. Would it make sense to modify Cygwin so
> this could be used in place of cygwin_logon_user if one so wished? If so,
> I'll go about creating a patch.

Hmm, how are you planning to do that?  Which application do you have in
mind to use that functionality, su?

Oh, btw., do you have a pointer to MS documentation which talks about
CreateProcessWithLogonW() utilizing RunAs?  I have not found a word of
that in MSDN.  Just curious.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

RE: supplement cygwin_logon_user with CreateProcessWithLogonW?

[Chris January]

> > CreateProcessWithLogonW (as opposed to the LogonUser /
> CreateProcessAsUser)
> > combination. This is because CreateProcessWithLogonW utilises the RunAs
> > (2000)/SecondaryLogon (XP) service. Would it make sense to
> modify Cygwin so
> > this could be used in place of cygwin_logon_user if one so
> wished? If so,
> > I'll go about creating a patch.
>
> Hmm, how are you planning to do that?  Which application do you have in
> mind to use that functionality, su?
su was the main one.

>
> Oh, btw., do you have a pointer to MS documentation which talks about
> CreateProcessWithLogonW() utilizing RunAs?  I have not found a word of
> that in MSDN.  Just curious.
It's not documented - but Microsoft said this function used the RunAs
service when the RunAs pipe authentication vulnerability was discovered.
First hint: Function is in advapi32.lib, not kernel32.lib.
Second hint: No extra priveleges required.

There is also a CreateProcessWithTokenW available with .NET server.

Chris


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/