This is the mail archive of the
mailing list for the Cygwin project.
Re: [Patch] Recent security improvements breaks proftpd
On Fri, Sep 26, 2003 at 09:43:38AM -0400, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> > On Fri, Sep 26, 2003 at 02:53:28PM +0200, Corinna Vinschen wrote:
> > > Btw., shouldn't that be
> > >
> > > SetTokenInformation (ptok, TokenDefaultDacl, pdacl, pAcl->AclSize)
> > > ^^^^^^^^^^^^^
> > > instead of sizeof(buf)?
> > Urgh. What I meant was:
> > sizeof *pdacl + pAcl->AclSize
> That makes for 3 possibilities but there is a 4th one: sizeof (* pdacl)
> (i.e. 4 bytes).
No, that doesn't make sense. The buffer is used for the whole data.
We can keep sizeof(acl_buf) if you like this better but I'm wondering
if that could also make a difference when calling SetTokenInformation.
Due to missing source code of Windows, I just have no idea how intelligent
the code behind that function is :-)
> No problem about changing the buffer size, of course, and also #defining a constant.
> Out of curiosity, have you ever seen a long default DACL?
I never looked explicitely for default dacls but I saw 3K SDs returned
from GetFileSecurity on NT4. AFAIR, the contained data didn't give
any hint why it was that big. Admitted, though, that it was at a time
I just had started to struggle with NT security...
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:email@example.com
Red Hat, Inc.