[cvsnt-dev] Re: NtCreateToken & SeImpersonatePrivilege
KJK::Hyperion
noog at libero.it
Sat May 22 21:32:14 BST 2004
Tony Hoyle wrote:
>> This on a Windows 2000 Service Pack 4
> It could just be hardcoded into privcheck (no reference to this in
> google so I can't try it myself.. a homegrown app???).
yeah, I forgot to mention it's an old app I wrote in Delphi. No, it
doesn't hardcode anything, it's all information queried for. A pretty
straightforward program, it does exactly what you'd think it does
> Even if such a privilege exists in Win2kSP4 (but not in XP??? that
> *would* be odd)
not that odd. Windows XP doesn't come in a server flavour, so they
probably didn't deem it important to fix it immediately (but I read it
will be fixed in SP2). Anyway, I read the KB religiously and have
subscribed to kbAlertz.com, and I remember when the article and hotfix
about SeImpersonatePrivilege and SeCreateGlobalPrivilege came out. Note
the "applies to" section:
<http://support.microsoft.com/default.aspx?kbid=821546>
> And for the create token issue (no official microsoft stuff but then
> they never officially acknowledged the existence of the function
> anyway):
oh, so it wasn't a special check in NtCreateToken! I love Microsoft.
Even when they break things, they do it in a technically sound way.
Anyway, what does CVSNT need a token for? couldn't the token returned
by LogonUser do? (it's used for pserver, right? isn't pserver all about
plaintext athentication?)
More information about the cvsnt-dev
mailing list