| delorie.com/archives/browse.cgi | search |
Hi Corinna At 10:13 AM 2/14/2002 +0100, you wrote: >The sec_user() call in CreateProcess() >was never intended to set the default DACL (I didn't even know >that something like that exists when I added that) but to set the >permissions to access the process. <snip> Yes, and in the case of DuplicateTokenEx(), the permissions of the new primary token. However the sd's of a new process TOKEN and of a new impersonation token are always initialized from the default in the (parent) process token. I think I now understand what's going on. The confusion between the impersonated sid and the original sid that we have observed in LookupAccountSid() is also present in the token sd, but things work out all right, for some reason. I will send you some patches shortly. <snip> >When I implemented this, the fork/exec implementation was pretty >different from today. As far as I rememeber, the code which copied >data from one process to the other needed access under the 2nd SID. >This could qualify for some code which could be pretty useless >today. E.g. your observation that RevertToSelf() could be dropped, >probably. I am still looking at that. On 2001-10-31 you added RevertToSelf() in dtable.cc (dtable::vfork_child_dup). Do you remember why? Pierre -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |