ntsec change needed to read one of my partitions

Pierre A. Humblet Pierre.Humblet@ieee.org
Tue Nov 25 21:39:00 GMT 2003 


Christopher Faylor wrote:
> 
> On Tue, Nov 25, 2003 at 11:22:59AM +0100, Corinna Vinschen wrote:

> >
> >Chris, could you apply the below patch and send the created debug
> >output to this list?  For instance, the above creator owner entry looks
> >like this on my system:
> >
> >24   12756 [main] getfacl 1884 cygpsid::debug_print: SID S-1-3-0
> >20   12776 [main] getfacl 1884 getacl: Type: 0, Flags: B, Mask: 1F01FF
> 
> This is from an egrep 'cygpsid:|getacl:' ~/tmp/strace.out:
> 
>   641  200790 [main] getfacl 42232 cygpsid::debug_print: get_sids_info: owner SID = S-1-5-32-544
>   639  201429 [main] getfacl 42232 cygpsid::debug_print: get_sids_info: group SID = S-1-5-18
>   633  235649 [main] getfacl 42232 getacl: AceCount: 7
>   608  236257 [main] getfacl 42232 cygpsid::debug_print: SID S-1-5-32-544
>   687  236944 [main] getfacl 42232 getacl: Type: 0, Flags: 3, Mask: 1F01FF
>   608  237552 [main] getfacl 42232 cygpsid::debug_print: SID S-1-5-18
>   566  238118 [main] getfacl 42232 getacl: Type: 0, Flags: 3, Mask: 1F01FF
>   533  238651 [main] getfacl 42232 cygpsid::debug_print: SID S-1-3-0
>   528  239179 [main] getfacl 42232 getacl: Type: 0, Flags: B, Mask: 10000000

That's the GENERIC_ALL bit in the Mask, we should take it (and its siblings)
into account.

>   637  239816 [main] getfacl 42232 cygpsid::debug_print: SID S-1-5-32-545
>   532  240348 [main] getfacl 42232 getacl: Type: 0, Flags: 3, Mask: 1200A9
>   522  240870 [main] getfacl 42232 cygpsid::debug_print: SID S-1-5-32-545
>   551  241421 [main] getfacl 42232 getacl: Type: 0, Flags: 2, Mask: 4
>   522  241943 [main] getfacl 42232 cygpsid::debug_print: SID S-1-5-32-545
>   535  242478 [main] getfacl 42232 getacl: Type: 0, Flags: A, Mask: 2
>   533  243011 [main] getfacl 42232 cygpsid::debug_print: SID S-1-1-0
>   555  243566 [main] getfacl 42232 getacl: Type: 0, Flags: 0, Mask: 1200A9
>   522  244088 [main] getfacl 42232 getacl: 10 = getacl (k:\)

It's a little late to ask, but printing the acl and ace addresses
would help see where the holes are, not that we can do anything about them.

Pierre

More information about the Cygwin-developers mailing list