[cvsnt] Re: cygwin ssh server and author being set to SYSTEM

Tony Hoyle tmh at nodomain.org
Thu Jan 8 10:11:07 GMT 2004


Pavel Goran wrote:
> There  must  be a possibility for some kind of communication between a
> process and the module (for example, a process can create a named pipe
> and  pass  its  name  to  the  package  as  a password). Provided that
> communication  is  possible,  the package can create a named pipe (and
> thus  become the "named pipe server"), instruct the process to open it
> (which thus becomes the "named pipe client"), impersonate the process'
> user   by   calling  ImpersonateNamedPipeClient(),  and  actually  try
> NtCreateToken() (and maybe other calls).
> 
There are many pipes that are opened by the system user... (LSASS is one 
I think) it'd be trivial to pass one of those.

I'm not really prepared to take the risk. Luckily it's not a cvsnt 
problem - even if I implemented something only cygwin can make the 
decision whether to use it.

Tony




More information about the cvsnt mailing list