Mail Archives: cygwin/2001/12/29/17:16:05

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2001/12/29/17:16:05

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sources.redhat.com/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Date: Sat, 29 Dec 2001 23:15:05 +0100

From: Corinna Vinschen <cygwin AT cygwin DOT com>

To: cygwin AT cygwin DOT com

Subject: Re: security.cc: bug report, question and suggestion

Message-ID: <20011229231505.O27340@cygbert.vinschen.de>

Mail-Followup-To: cygwin AT cygwin DOT com

References: <3 DOT 0 DOT 5 DOT 32 DOT 20011229152301 DOT 0083a1f0 AT pop DOT ne DOT mediaone DOT net>

Mime-Version: 1.0

In-Reply-To: <3.0.5.32.20011229152301.0083a1f0@pop.ne.mediaone.net>

User-Agent: Mutt/1.3.22.1i

On Sat, Dec 29, 2001 at 03:23:01PM -0500, Pierre A. Humblet wrote:
> Bug in security.cc:
> 
> The intent of open_local_policy() is to return an INVALID
> handle if the call to LsaOpenPolicy() fails. Unfortunately
> the failed call changes the value of lsa. The fix is obvious.

Thanks for the heads up.  I've checked in a patch.
> 
> Breakpoint 3, open_local_policy () at /src/winsup/cygwin/security.cc:183
> 184       LSA_HANDLE lsa = INVALID_HANDLE_VALUE;
> (gdb) s
> 186       NTSTATUS ret = LsaOpenPolicy(NULL, &oa, POLICY_ALL_ACCESS, &lsa);
> (gdb) p lsa
> [...]
> Question:
> is the Policy Object only accessible by administrators 
> or is there some ACL that can be set? I was unable
> to find info on the Microsoft site.

AFAIK, it's accessible by everyone but it's only changable
by administrators.  I've checked in a patch so that the
call to LsaOpenPolicy() only requests the needed user rights.

> Suggestion
> In cygrunsrv.README, could you add that the user specified
> with -u must have the "Logon as a service" privilege?

Done.  But I will not upload a new version of cygrunsrv just for
a change to the README.

Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Date:	Sat, 29 Dec 2001 23:15:05 +0100
From:	Corinna Vinschen <cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: security.cc: bug report, question and suggestion
Message-ID:	<20011229231505.O27340@cygbert.vinschen.de>
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<3 DOT 0 DOT 5 DOT 32 DOT 20011229152301 DOT 0083a1f0 AT pop DOT ne DOT mediaone DOT net>
Mime-Version:	1.0
In-Reply-To:	<3.0.5.32.20011229152301.0083a1f0@pop.ne.mediaone.net>
User-Agent:	Mutt/1.3.22.1i