This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: More about permissions

On Mar 31 20:41, Eliot Moss wrote:
> On 3/31/2015 4:55 PM, Andrey Repin wrote:
> >> I am not sure this particular program (CrashPlan) works that way.
> >
> >That's not program property, but the user you run the program from.
> Perhaps, but it runs as a background service.  I never explicitly said what
> user it runs as, etc.
> Looking in Services, I see is logs on as "Local System account".  Using
> Process Explorer, it appears to run without SEBackup/Restore privileges.
> Since the program has to request them itself as it runs, I don't see any
> good way to fix this.
> >I think i've explained it earlir, but here's it again:
> >In POSIX model, root have implicit permissions.
> >In Windows model, there NO implicit permissions at all. Everything should be
> >explicitly assigned. I.e. SeBackupRestore privilege.
> >If you deny SYSTEM access to a file, OS will not be able to do anything about
> >it. Been there, blocked changes to cmd.exe when I was experimenting with 4NT.
> >(And cmd.exe was in fact renamed 4nt.exe.) None of the Windows autotools were
> >able to get around it.
> Yes, I get that.  Hence my desire to grant SYSTEM:rwx on everything.
> What we seem to have ended up with here, though, is that the
> root privileges are explicit and are exposed in the ordinary permissions visible
> with, say, ls -l.

Huh?  ls -l (that is, stat(2)) shows the permissions in the same way as
they are computed on a POSIX system.  The mask value is just faked from
the existing permsissions, but other than that, it does what POSIX
1003.1e requires.

> This is not natural from a POSIX point of view (I claim);
> otherwise, we'd more or less show access of rwxrwxrwx on everything in POSIX.

I don't grok that.  POSIX shows the permissions exactly as they are,
with the group permissions being the primary group perms or the mask
value if there is a mask.  On Cygwin the mask is faked, but it shows the
combined permissions of all non-primary users and groups, so it's a good
fake.  So in both cases the group permissions show you where's a
security problem.

Granting SYSTEM access to the kitchen sink is a Windows thingy, and a
bad one as well.  Rather than just asking the developers to enable the
SE_BACKUP_NAME/SE_RESTORE_NAME rights when needed, they now add full
access for SYSTEM and Administrators by default every time.  That's a
bad hack and totally unnecessary, too.

But Cygwin adds SE_BACKUP_NAME/SE_RESTORE_NAME rights to the processes
by default, so in theory you don't need full SYSTEM access inside your
Cygwin tree.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpB47EiaxYau.pgp
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]