This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Necessary To Query SACL Information?

On Oct 12 20:37, Bryan Berns wrote:
> I noticed when I launch an executable, Cygwin queries SACL information
> on the executable (which I can see in Process Monitor as a
> 'QuerySecurityFile' operation).  On some of my protected file servers,
> this generates a failure audit.  Looking at the source code, I'm going
> to guess this might be from the NtQuerySecurityObject call in
> which requests SACL information by asking for for
> ALL_SECURITY_INFORMATION.  Does Cygwin really need to query this
> information? Aside from keeping my audit logs clean, it seems like it
> might be an opportunity for optimizing the executable launch process
> if Cygwin doesn't really need this (or some of the other information

As you found out yourself, Cygwin only reads and writes the owner/group
information and the DACL.  Accessing this information is required for
POSIX permission handling, e.g. stat(2), chmod(2), chown(2), acl(2).
Also, creating a file with open(2) requires to write the DACL to create
valid POSIX permissions for a file.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgp97FsslNKV7.pgp
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]