This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [Patch] Recent security improvements breaks proftpd

On Fri, Sep 26, 2003 at 09:43:38AM -0400, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> > 
> > On Fri, Sep 26, 2003 at 02:53:28PM +0200, Corinna Vinschen wrote:
> > > Btw., shouldn't that be
> > >
> > >   SetTokenInformation (ptok, TokenDefaultDacl, pdacl, pAcl->AclSize)
> > >                                                       ^^^^^^^^^^^^^
> > >                                                     instead of sizeof(buf)?
> > 
> > Urgh.  What I meant was:
> > 
> >   sizeof *pdacl + pAcl->AclSize
> > 
> That makes for 3 possibilities but there is a 4th one: sizeof (* pdacl) 
> (i.e. 4 bytes).

No, that doesn't make sense.  The buffer is used for the whole data.
We can keep sizeof(acl_buf) if you like this better but I'm wondering
if that could also make a difference when calling SetTokenInformation.
Due to missing source code of Windows, I just have no idea how intelligent
the code behind that function is :-)

> No problem about changing the buffer size, of course, and also #defining a constant.
> Out of curiosity, have you ever seen a long default DACL?

I never looked explicitely for default dacls but I saw 3K SDs returned
from GetFileSecurity on NT4.  AFAIR, the contained data didn't give
any hint why it was that big.  Admitted, though, that it was at a time
I just had started to struggle with NT security...

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]