This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: chown


On Apr 15 12:11, Pierre A. Humblet wrote:
> The problem is that I won't be privileged until write_sd.
> It may be better to first call with query_read_control and to
> retry in write_sd. 
> 
> I am wondering if we need a CreateFile with FILE_FLAG_BACKUP_SEMANTICS
> or if a simple DuplicateHandle would also work, after becoming privileged.

You could give it a test.  But actually I don't understand the problem.
What does it save us?  The CreateFile fails not because
FILE_FLAG_BACKUP_SEMANTICS is set, but because WRITE_OWNER and
WRITE_DAC is requested.  And you can't add these access modes by a
call to DuplicateHandle.

> Also BackupWrite was not atomic, the ACL would change while the owner
> didn't. Do you know if NtSetSecurityObject is atomic? If so, the test
> if (res == 1)
>     {
>       BOOL dummy;
>       cygpsid owner;
> could be removed.

I'd love to remove it.  I have no idea if NtSetSecurityObject is atomic,
though.  I'd guess so but knowledge would require documentation...

> P.S.: I have just updated in cvs and saw your fresh change.
> Now CreateFile might be called up to 3 times.
> An alternative is to become privileged before the initial
> open, but that won't work with fchown 

Why not?  The code to set SE_RESTORE_NAME could easily be moved out
of write_sd and into fhandler_disk_file's fchown, fchmod and facl
methods.  That would allow to reduce fchown and fchmod back to
just calling open_fs with query_write_control since that's required
for that functionality anyway.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Co-Project Leader          mailto:cygwin@cygwin.com
Red Hat, Inc.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]