This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.
Re: [Patch] *** CreateFileMapping, Win32 error 5. Terminating.
On Thu, Oct 16, 2003 at 11:47:51AM -0400, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> >
> > On Wed, Oct 15, 2003 at 10:22:35PM -0400, Pierre A. Humblet wrote:
> > > 2003-10-15 Pierre Humblet <pierre.humblet@ieee.org>
> > >
> > > * syscalls.cc (seteuid32): Always construct a default DACL including
> > > the new sid, Admins and SYSTEM and copy it to the new thread token.
> > > * security.cc (create_token): Use a NULL default DACL in NtCreateToken.
> >
> > I assume you have tested it also with an external token, haven't you?
> > I'm a bit concerned that the code also tries to modify the external
> > token. Is that actually unavoidable? Isn't the problem just a
> > typical problem of a self-created token?
>
> Yes it has been tested with an external token. We already touch the owner
> and primary group of the external tokens, the dacl is just another item.
>
> It's needed with external tokens to handle the following type of cases.
> A user in the admins group telnets into the box, creating a file
> mapping with access by admins and system, but not by his sid (without the
> patch).
> While he is logged in, some service (exim, proftp...) creates a
> setgroups(0, NULL) + seteuid() process. That process may not be able
> to access the file mapping (without the patch).
That makes sense. Ok, commit it.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
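
Added example, not part of the original thread and not Cygwin code: a simplified Python model of the telnet/service case described above, showing why a default DACL of only Admins and SYSTEM locks out a token for the same user without groups. It assumes allow-only ACEs and a mapping created without an explicit security descriptor; `USER` is a constructed placeholder SID and all function names are hypothetical.

```python
from dataclasses import dataclass

ADMINS = "S-1-5-32-544"                # BUILTIN\Administrators (well-known SID)
SYSTEM = "S-1-5-18"                    # Local System (well-known SID)
USER = "S-1-5-21-1111-2222-3333-1001"  # constructed placeholder user SID
FILE_MAP_ALL = 0x000F001F              # FILE_MAP_ALL_ACCESS


@dataclass(frozen=True)
class Token:
    user: str
    groups: frozenset
    default_dacl: tuple  # allow ACEs as (sid, access_mask)


def make_token(user_sid, groups, patched):
    """Model of the token after seteuid(); 'patched' adds the user's own SID
    to the default DACL, as the ChangeLog entry describes."""
    sids = [ADMINS, SYSTEM]
    if patched:
        sids.insert(0, user_sid)
    dacl = tuple((sid, FILE_MAP_ALL) for sid in sids)
    return Token(user_sid, frozenset(groups), dacl)


def create_mapping(creator):
    """No explicit security descriptor: the object's DACL is taken from the
    creator token's default DACL."""
    return creator.default_dacl


def access_check(token, dacl, desired):
    """Accumulate rights from allow ACEs whose SID appears in the token."""
    token_sids = {token.user} | token.groups
    granted = 0
    for sid, mask in dacl:
        if sid in token_sids:
            granted |= mask
    return (granted & desired) == desired


def scenario(patched):
    """Return (telnet session can open, service process can open)."""
    telnet = make_token(USER, {ADMINS}, patched)  # admin user logs in
    mapping = create_mapping(telnet)              # file mapping created
    service = make_token(USER, set(), patched)    # setgroups(0, NULL) + seteuid()
    return (access_check(telnet, mapping, FILE_MAP_ALL),
            access_check(service, mapping, FILE_MAP_ALL))


if __name__ == "__main__":
    print("without patch:", scenario(False))
    print("with patch:   ", scenario(True))
```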