Corinna Vinschen
Fri Apr 16 10:20:00 GMT 2004

On Apr 15 12:58, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> > 
> > On Apr 15 12:11, Pierre A. Humblet wrote:
> > > The problem is that I won't be privileged until write_sd.
> > > It may be better to first call with query_read_control and to
> > > retry in write_sd.
> > >
> > > I am wondering if we need a CreateFile with FILE_FLAG_BACKUP_SEMANTICS
> > > or if a simple DuplicateHandle would also work, after becoming privileged.
> > 
> > You could give it a test.  But actually I don't understand the problem.
> > What does it save us?  The CreateFile fails not because
> > FILE_FLAG_BACKUP_SEMANTICS is set, but because WRITE_OWNER and
> > WRITE_DAC is requested.  And you can't add these access modes by a
> > call to DuplicateHandle.
> I tried this:
> /> touch aaa bbb
> /> ls -l aaa bbb
> -rw-r--r--    1 PHumblet Clearuse        0 Apr 15 12:34 aaa
> -rw-r--r--    1 PHumblet Clearuse        0 Apr 15 12:34 bbb
> /> chown testuser bbb
> /> chown phumblet:544 aaa bbb
> /> ls -l aaa bbb
> -rw-r--r--    1 PHumblet Administ        0 Apr 15 12:34 aaa
> -rw-r--r--    1 PHumblet Administ        0 Apr 15 12:34 bbb
> Note that I could chown bbb back to PHumblet because I became
> privileged while changing the group of aaa.
> The point is that the initial open of bbb worked. 
> So it looks like FILE_FLAG_BACKUP_SEMANTICS is not needed.

Sorry, but it's not clear to me how you come to this conclusion.
chown(1) uses chown(2), not fchown(2).  So the files are always
opened using the open_fs call in fhandler_disk_file::fchown.
You could have called `chown phumblet bbb' and it would have
worked as well.  Or do I miss some something?  What did you change
in the source code for that test?

FILE_FLAG_BACKUP_SEMANTICS is set unconditionally in open_fs.  You
definitely need it when opening directories.  I still don't see why
it should have an advantage to not set FILE_FLAG_BACKUP_SEMANTICS
when opening the file.  It costs nothing as far as I can see.  It
doesn't hold you back from opening the file, even if you don't have
SE_RESTORE_NAME permission.

> Why can't we set WRITE_OWNER and WRITE_DAC with DuplicateHandle?
> It has a dwDesiredAccess argument.

Using DuplicateHandle, you can't create a new handle with write permissions
if the file has originally been opened with only read permissions.  That's
documented in MSDN, though in a somewhat simplified way:

  "In some cases, the new handle can have more access rights than the
   original handle. However, in other cases, DuplicateHandle cannot create
   a handle with more access rights than the original. For example, a file
   handle created with the GENERIC_READ access right cannot be duplicated
   so that it has both the GENERIC_READ and GENERIC_WRITE access right."


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Co-Project Leader
Red Hat, Inc.

More information about the Cygwin-developers mailing list