This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: ntsec change needed to read one of my partitions

From: "Pierre A. Humblet" <Pierre dot Humblet at ieee dot org>
To: cygwin-developers at cygwin dot com
Date: Tue, 25 Nov 2003 16:39:36 -0500
Subject: Re: ntsec change needed to read one of my partitions
References: <3.0.5.32.20031124230616.00826c50@incoming.verizon.net> <20031125035028.GA4271@redhat.com> <3.0.5.32.20031124230616.00826c50@incoming.verizon.net> <3.0.5.32.20031125002323.00827790@incoming.verizon.net> <20031125102259.GA9255@cygbert.vinschen.de> <20031125212424.GA21470@redhat.com>
Reply-to: Pierre dot Humblet at ieee dot org


Christopher Faylor wrote:
> 
> On Tue, Nov 25, 2003 at 11:22:59AM +0100, Corinna Vinschen wrote:

> >
> >Chris, could you apply the below patch and send the created debug
> >output to this list?  For instance, the above creator owner entry looks
> >like this on my system:
> >
> >24   12756 [main] getfacl 1884 cygpsid::debug_print: SID S-1-3-0
> >20   12776 [main] getfacl 1884 getacl: Type: 0, Flags: B, Mask: 1F01FF
> 
> This is from an egrep 'cygpsid:|getacl:' ~/tmp/strace.out:
> 
>   641  200790 [main] getfacl 42232 cygpsid::debug_print: get_sids_info: owner SID = S-1-5-32-544
>   639  201429 [main] getfacl 42232 cygpsid::debug_print: get_sids_info: group SID = S-1-5-18
>   633  235649 [main] getfacl 42232 getacl: AceCount: 7
>   608  236257 [main] getfacl 42232 cygpsid::debug_print: SID S-1-5-32-544
>   687  236944 [main] getfacl 42232 getacl: Type: 0, Flags: 3, Mask: 1F01FF
>   608  237552 [main] getfacl 42232 cygpsid::debug_print: SID S-1-5-18
>   566  238118 [main] getfacl 42232 getacl: Type: 0, Flags: 3, Mask: 1F01FF
>   533  238651 [main] getfacl 42232 cygpsid::debug_print: SID S-1-3-0
>   528  239179 [main] getfacl 42232 getacl: Type: 0, Flags: B, Mask: 10000000

That's the GENERIC_ALL bit in the Mask, we should take it (and its siblings)
into account.

>   637  239816 [main] getfacl 42232 cygpsid::debug_print: SID S-1-5-32-545
>   532  240348 [main] getfacl 42232 getacl: Type: 0, Flags: 3, Mask: 1200A9
>   522  240870 [main] getfacl 42232 cygpsid::debug_print: SID S-1-5-32-545
>   551  241421 [main] getfacl 42232 getacl: Type: 0, Flags: 2, Mask: 4
>   522  241943 [main] getfacl 42232 cygpsid::debug_print: SID S-1-5-32-545
>   535  242478 [main] getfacl 42232 getacl: Type: 0, Flags: A, Mask: 2
>   533  243011 [main] getfacl 42232 cygpsid::debug_print: SID S-1-1-0
>   555  243566 [main] getfacl 42232 getacl: Type: 0, Flags: 0, Mask: 1200A9
>   522  244088 [main] getfacl 42232 getacl: 10 = getacl (k:\)

It's a little late to ask, but printing the acl and ace addresses
would help see where the holes are, not that we can do anything about them.

Pierre

Follow-Ups:
- Re: ntsec change needed to read one of my partitions
  - From: Corinna Vinschen

References:
- Re: ntsec change needed to read one of my partitions
  - From: Pierre A. Humblet
- ntsec change needed to read one of my partitions
  - From: Christopher Faylor
- Re: ntsec change needed to read one of my partitions
  - From: Pierre A. Humblet
- Re: ntsec change needed to read one of my partitions
  - From: Corinna Vinschen
- Re: ntsec change needed to read one of my partitions
  - From: Christopher Faylor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]