This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: security.cc: bug report, question and suggestion


Corinna Vinschen wrote:

> However, I've just checked in a change which should create a useful
> DACL for the primary token created by DuplicateTokenEx() in the
> create_token() function.  It uses the function `sec_user()' which I
> once introduced to set security attributes for CreateProcess calls,
> etc.  Could you test if it now behaves as you'd expect?

Corinna,

It doesn't seem to do anything (see attach). What does it do for you?
I am pretty sure (used gdb) that I am running your latest code. NT4.0

Pierre
gid was 513
setgid returned 0, read 1005
uid was 500
setuid returned 0, read 1004
USERNAME testuser
/******************* Token Start ****************************/
/******************* Token User */
PHumblet ASTRALPOINT SidTypeUser
S-1-5-21-2127391503-1594901184-99485923-1004
/******************* Token Type */
TokenImpersonation
/******************* Token Source */
Token source Cygwin.1
/******************* Token Security */
*************** SECURITY INFO START *************
Owner: Administrators BUILTIN SidTypeAlias
S-1-5-32-544
Group: Domain Users ASTRALPOINT SidTypeGroup
S-1-5-21-1391547877-877281485-1846952604-513
ACL:
0 Administrators BUILTIN SidTypeAlias
S-1-5-32-544
ACCESS_ALLOWED_ACE_TYPE 
TOKEN_ASSIGN_PRIMARY, TOKEN_DUPLICATE, TOKEN_IMPERSONATE, TOKEN_QUERY, TOKEN_QUERY_SOUR
CE, TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS, TOKEN_ADJUST_DEFAULT, DELETE, READ_CO
NTROL, WRITE_DAC, WRITE_OWNER, 
1 SYSTEM NT AUTHORITY SidTypeWellKnownGroup
S-1-5-18
ACCESS_ALLOWED_ACE_TYPE 
TOKEN_ASSIGN_PRIMARY, TOKEN_DUPLICATE, TOKEN_IMPERSONATE, TOKEN_QUERY, TOKEN_QUERY_SOUR
CE, TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS, TOKEN_ADJUST_DEFAULT, DELETE, READ_CO
NTROL, WRITE_DAC, WRITE_OWNER, 
*************** SECURITY INFO END *************

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]