Mail Archives: cygwin/2006/11/29/16:54:10

To: cygwin AT cygwin DOT com
From: Eric Blake <ebb9 AT byu DOT net>
Subject: backup privileges [was: [ANNOUNCEMENT] Updated: cygwin-1.5.22-1]
Date: Wed, 29 Nov 2006 21:53:17 +0000 (UTC)
Message-ID: <loom.20061129T223812-141@post.gmane.org>
References: <announce DOT 20061114101219 DOT GB31134 AT calimero DOT vinschen DOT de>

Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:

> 
> I've made a new version of the Cygwin DLL and associated utilities
> available for download.  This is a bug fix release.  Only one minor
> functional change has been made since 1.5.21-1.  As usual, a list
> of what has changed is below.
> 
...
> 
> - Always open files with backup/restore intent to emulate real "root"
>   access.  Fix access(2) accordingly. (corinna)

This change has some interesting effects, and I think you did the right thing 
by making access(2) reflect what open() is capable of.  But now both the 
findutils and coreutils testsuites report failures, where before this patch 
they were passing, when the testsuite is run by a user in the Administrators 
group.  These failures are spurious, due to the fact that the testsuites are 
making the (IMO unfounded) assumption that it should always be impossible to 
read a file with mode 000.  The coreutils testsuite, at least, recognizes the 
importance of checking in advance which tests of the testsuite must be skipped 
when run by root/non-root entities due to the different semantics that 
privileges outside of the ACL scheme can provide, but obviously did not catch 
all the cases.  But it took me a while to realize that these were testsuite 
bugs and not program bugs.

But it does beg the question of whether it should be configurable whether a 
user WANTS to use backup privileges to bypass ACLs.  It seems like cygwin is 
very often installed by users that happen to have Administrator privileges, but 
who don't know any better that they must be careful (in particular, think of 
home users).  For the same reasons that you don't normally run as root on 
Linux, even when you know the root password, you shouldn't normally be allowing 
yourself extra privileges (like backup/restore intent) in day-to-day work on 
Windows.  Perhaps we should add a switch in the CYGWIN environment variable 
that can be set so that a user with Administrator privileges can still honor 
ACLs rather than behaving like root?

-- 
Eric Blake
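
The message above describes testsuites that assume a mode 000 file can never be read. As an added example (not part of the original message, and not code from the coreutils or findutils testsuites), the following sketch probes the actual behaviour for the current user and skips such a test when mode bits do not block reads, whatever the reason. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: probe whether mode bits are enforced for this user instead
# of assuming that "not uid 0" implies "mode 000 is unreadable".

# Print "bypassed" if a mode 000 file can still be read (root, or a
# privilege outside the ACL scheme as discussed in the message),
# "enforced" if the read is refused, "unknown" if the probe could not run.
mode000_read_status() {
    probe_dir=$(mktemp -d "${TMPDIR:-/tmp}/modeprobe.XXXXXX") || { echo unknown; return; }
    probe_file=$probe_dir/secret
    if ! echo data > "$probe_file" || ! chmod 000 "$probe_file"; then
        rm -rf "$probe_dir"; echo unknown; return
    fi
    # The real question: does opening for read succeed despite mode 000?
    if cat "$probe_file" >/dev/null 2>&1; then
        status=bypassed
    else
        status=enforced
    fi
    chmod 600 "$probe_file" 2>/dev/null
    rm -rf "$probe_dir"
    echo "$status"
}

# Returns 0 only when a test expecting "permission denied" is meaningful.
# Anything other than "enforced" (including "unknown") means skip.
require_enforced_modes() {
    [ "$(mode000_read_status)" = enforced ]
}

# Example test case: assert the failure only where it can actually occur.
run_unreadable_file_test() {
    if ! require_enforced_modes; then
        echo "SKIP: mode 000 does not block reads for this user"
        return 0
    fi
    t=$(mktemp "${TMPDIR:-/tmp}/modetest.XXXXXX") || return 1
    chmod 000 "$t"
    if cat "$t" >/dev/null 2>&1; then result=FAIL; else result=PASS; fi
    chmod 600 "$t"; rm -f "$t"
    echo "$result: unreadable file is rejected"
    [ "$result" = PASS ]
}
```

A skipped test reported this way is distinguishable from a program bug, which is the confusion the message describes.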


