This is the mail archive of the
mailing list for the Cygwin project.
RE: supplement cygwin_logon_user with CreateProcessWithLogonW?
- From: "Chris January" <chris at atomice dot net>
- To: <cygwin at cygwin dot com>
- Date: Wed, 18 Sep 2002 17:25:41 +0100
- Subject: RE: supplement cygwin_logon_user with CreateProcessWithLogonW?
> > CreateProcessWithLogonW (as opposed to the LogonUser /
> > combination. This is because CreateProcessWithLogonW utilises the RunAs
> > (2000)/SecondaryLogon (XP) service. Would it make sense to
> modify Cygwin so
> > this could be used in place of cygwin_logon_user if one so
> wished? If so,
> > I'll go about creating a patch.
> Hmm, how are you planning to do that? Which application do you have in
> mind to use that functionality, su?
su was the main one.
> Oh, btw., do you have a pointer to MS documentation which talks about
> CreateProcessWithLogonW() utilizing RunAs? I have not found a word of
> that in MSDN. Just curious.
It's not documented - but Microsoft said this function used the RunAs
service when the RunAs pipe authentication vulnerability was discovered.
First hint: Function is in advapi32.lib, not kernel32.lib.
Second hint: No extra priveleges required.
There is also a CreateProcessWithTokenW available with .NET server.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html