Partially revert change from 2005-04-03, always running under an

	impersonation token, which collides with Vista UAC.
	* cygheap.h (deimpersonate): revert to self instead of impersonating
	hProcImpToken.
	(reimpersonate): Only impersonate if setuid.
	* dcrt0.cc (dll_crt0_0): Don't initialize hProcImpToken here.
	(dll_crt0_1): Set privileges on hProcToken.
	* fork.cc (frok::child): Set privileges on hProcToken.  Close handle to
	hProcImpToken.
	* grp.cc (internal_getgroups): Use hProcToken instead of hProcImpToken.
	* security.cc (check_access): Create hProcImpToken on demand here.
	* security.h (set_process_privilege): Set privileges on hProcToken.
	(_push_thread_privilege): Use hProcToken instead of hProcImpToken.
	(pop_thread_privilege): If not setuid'ed, revert to self.
	* syscalls.cc (setegid32): Drop setting primary group on hProcImpToken.
	Close handle to hProcImpToken.
	* uinfo.cc (internal_getlogin): Ditto.
	* winsup.h (clear_procimptoken): New inline function.

1 files changed, 1 insertions, 12 deletions

diff --git a/winsup/cygwin/dcrt0.cc b/winsup/cygwin/dcrt0.cc
index 727163e08..8281f3676 100644
--- a/winsup/cygwin/dcrt0.cc
+++ b/winsup/cygwin/dcrt0.cc
@@ -771,17 +771,6 @@ dll_crt0_0 ()
 
   cygheap->cwd.init ();
 
-  /* Late duplicate simplifies tweaking the process token in uinfo.cc. */
-  if (wincap.has_security ()
-      && !DuplicateTokenEx (hProcToken, MAXIMUM_ALLOWED, NULL,
-			    SecurityImpersonation, TokenImpersonation,
-			    &hProcImpToken))
-#ifdef DEBUGGING
-    system_printf ("DuplicateTokenEx failed, %E");
-#else
-    ;
-#endif
-
   debug_printf ("finished dll_crt0_0 initialization");
 }
 
@@ -852,7 +841,7 @@ dll_crt0_1 (void *)
 
   /* Can be set only after environment has been initialized. */
   if (wincap.has_security ())
-    set_cygwin_privileges (hProcImpToken);
+    set_cygwin_privileges (hProcToken);
 
   if (!old_title && GetConsoleTitle (title_buf, TITLESIZE))
     old_title = title_buf;