delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2002/01/24/14:57:15

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <3C506701.A334DC8A@ieee.org>
Date: Thu, 24 Jan 2002 14:56:49 -0500
From: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
X-Mailer: Mozilla 4.73 [en] (WinNT; U)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Corinna Vinschen <cygwin AT cygwin DOT com>
Subject: Re: security.cc: bug report, question and suggestion
References: <3C4EFF65 DOT FF7BA4DE AT ieee DOT org> <20020123194126 DOT H11608 AT cygbert DOT vinschen DOT de> 

--------------6EDF6C45158B655707F32FE1
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Corinna Vinschen wrote:

> However, I've just checked in a change which should create a useful
> DACL for the primary token created by DuplicateTokenEx() in the
> create_token() function.  It uses the function `sec_user()' which I
> once introduced to set security attributes for CreateProcess calls,
> etc.  Could you test if it now behaves as you'd expect?

Corinna,

It doesn't seem to do anything (see attach). What does it do for you?
I am pretty sure (used gdb) that I am running your latest code. NT4.0

Pierre
--------------6EDF6C45158B655707F32FE1
Content-Type: text/plain; charset=us-ascii;
 name="out.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="out.txt"

gid was 513
setgid returned 0, read 1005
uid was 500
setuid returned 0, read 1004
USERNAME testuser
/******************* Token Start ****************************/
/******************* Token User */
PHumblet ASTRALPOINT SidTypeUser
S-1-5-21-2127391503-1594901184-99485923-1004
/******************* Token Type */
TokenImpersonation
/******************* Token Source */
Token source Cygwin.1
/******************* Token Security */
*************** SECURITY INFO START *************
Owner: Administrators BUILTIN SidTypeAlias
S-1-5-32-544
Group: Domain Users ASTRALPOINT SidTypeGroup
S-1-5-21-1391547877-877281485-1846952604-513
ACL:
0 Administrators BUILTIN SidTypeAlias
S-1-5-32-544
ACCESS_ALLOWED_ACE_TYPE 
TOKEN_ASSIGN_PRIMARY, TOKEN_DUPLICATE, TOKEN_IMPERSONATE, TOKEN_QUERY, TOKEN_QUERY_SOUR
CE, TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS, TOKEN_ADJUST_DEFAULT, DELETE, READ_CO
NTROL, WRITE_DAC, WRITE_OWNER, 
1 SYSTEM NT AUTHORITY SidTypeWellKnownGroup
S-1-5-18
ACCESS_ALLOWED_ACE_TYPE 
TOKEN_ASSIGN_PRIMARY, TOKEN_DUPLICATE, TOKEN_IMPERSONATE, TOKEN_QUERY, TOKEN_QUERY_SOUR
CE, TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS, TOKEN_ADJUST_DEFAULT, DELETE, READ_CO
NTROL, WRITE_DAC, WRITE_OWNER, 
*************** SECURITY INFO END *************


--------------6EDF6C45158B655707F32FE1
Content-Type: text/plain; charset=us-ascii

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
--------------6EDF6C45158B655707F32FE1--

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019