From: Corinna Vinschen on
Stefan Kuhr wrote:
> Hi Corinna,
> On 2/25/2010 3:38 PM, Corinna Vinschen wrote:
>> <snip>
>> In Kerem's case I'm not sure. I never checked in the inverse case
>> - calling TokenLinkedToken on the elevated token - and without TCB
>> privileges, if the linked token is an impersonation token for which
>> DuplicateTokenEx(PrimaryToken) fails. I made the suggestion
>> nevertheless, because it can be very easily tested.
> Were you thinking about something like the following code? When run
> under an elevated token, CPAU fails with 1314 (Privilige not held) and
> the linked token is an impersonation token, duplicating it to a primary
> token fails with 1346 (bad impersonation level):

Yes, exactly. So this is not usable in Kerem's scenario. Too bad.


Corinna Vinschen
Cygwin Project Co-Leader
Red Hat