delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2015/04/18/06:21:43

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:date:from:to:subject:message-id:reply-to
:references:mime-version:content-type:in-reply-to; q=dns; s=
default; b=vVpeWLiJdGKPRAARmL/wnU2HDUSFXT1vsJDI0Eu30wXoLkJx5ICtQ
b6k7f1tYrAVBaZlVZ/1E2f3H2F6qMUiiHL29qvCWHzlRVStBZtcjht0VbgxNYSdP
NRNrfFOFMbfOOmUsK7RIk/UTkomvS57k2ky5yxB8H5BD8TzDlcUxwY=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:date:from:to:subject:message-id:reply-to
:references:mime-version:content-type:in-reply-to; s=default;
bh=BCTMvfiHjwtiodho+uEw0lB8ATU=; b=AGOlQO++XNptdxiXu/UVfEEqptD8
Zwnmu9MF9WnCs2Mbwumk1WJglA8rMjYacwFVHZGJcpbwE5te3cgoOWGEniZQHNIY
hSIOSpLCw4CuObKpWRPfbPHZ1zJtgzrQDO2bDI3ifphc2I96yHYYfYZIA6sNxfwL
Et0wtFa1Ro7JaKk=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.4 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Date: Sat, 18 Apr 2015 12:20:25 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-0.7
Message-ID: <20150418102025.GL3657@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <announce DOT 20150417103517 DOT GV3657 AT calimero DOT vinschen DOT de> <87pp72sei6 DOT fsf AT Rainer DOT invalid> <20150418083919 DOT GJ3657 AT calimero DOT vinschen DOT de> <87h9sd4vl6 DOT fsf AT Rainer DOT invalid>
MIME-Version: 1.0
In-Reply-To: <87h9sd4vl6.fsf@Rainer.invalid>
User-Agent: Mutt/1.5.23 (2014-03-12) 

--LWVQOr/QoF/fPPTS
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Apr 18 11:47, Achim Gratz wrote:
> Corinna Vinschen writes:
> > In theory, the access(2)/faccessat(2) functions should not rely at all
> > on the new code.  The reason is that they are implemented using the
> > underlying OS function to evaluate ACLs.  That means, they provide the
> > actual access the OS grants.
>=20
> That means they do not lie to the user like the mode bits do.  Which
> breaks all sorts of assumptions that POSIX programs are allowed to make.
> In turn one will almost universally have to remove the corresponding ACL
> grants (the inherited ACL will always have rwx modes) when using an
> administrator account (in this particular instance that's an easy thing
> to do, luckily).  This kind of brings us back to where we started with
> the discussion of whether to handle SYSTEM and Administrators specially,
> only that the point of decision is now moved from mode check to
> (f)access(at).  The outcome is the same: if you can't remove those ACL,
> then correct POSIX semantics aren't possible.

Right.  It's a compromise.  I take it you don't like the extra behaviour
for SYSTEM/Admins.  Neither do I.  Others are desperately waiting for
more.  The problem with compromises is, they are usually best if nobody
is completely satisfied ;)

As I said before, this behaviour is not necessarily the last word.
We have to see how this works out.  The point you're making here
is certainly a point against this implementation.  But I'm willing
to defend it to get more testing.

> > In the above case, SYSTEM and Administrators both have execute
> > permissions, because they are never masked if they are secondary
> > accounts, as outlined in the test release announcement.
>=20
> A POSIX program trying to shortcut the ACL handling would conclude it
> doesn't need to look beyond the mode bits.  A program that checks with
> faccessat anyway gets told a different story.  The only analogue to this
> is with root having implicit access to files on UN*X systems, but I
> think "executable" would still be determined from the mode bits in this
> case.

Uh, not quite.  POSIX defines

   If any access permissions are checked, each shall be checked
   individually, as described in XBD File Access Permissions , except
   that where that description refers to execute permission for a
   process with appropriate privileges, an implementation may indicate
   success for X_OK even if execute permission is not granted to any
   user.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--LWVQOr/QoF/fPPTS
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVMi/pAAoJEPU2Bp2uRE+geeMP+wWhdMorD40Bi60XPgybGv67
xs8Y6P0jaSML3kHYOW5g2LCSVXpAtDOp8iCJOEVvwhK+TZeITYBVN66nokUOUhzV
mNfuB71qbgLZNUStHqffqTzw/eKxj9R17WIETsGgji5zzfU/Y5a+rsiE/8Rp6zbF
IAZhkrzQMA1oQXCdyUfAB5E8aLjfBod2J2HAdqio3gti5ygnwetOE5dB+0LzPPVb
o6tbwX8+D5EPORnPLyS+dA8hYQnRwlAqZ2H339KH+m+XqE0gjp0nKItxM7iKQhqQ
kEOndzc05c+piIGktIh2JFB3lpGc+yBdMra08nUR0TYwSwCaRrqKYn0n6rfsuP7Z
Jl+a1pv1a1E4cB20XMXvJelv7OfT8lgEbRbESXYWfmu+KiIJlWD/s4r7oEwBzKsJ
ZKOMtgz12pFhEoDGiDW1txNhoRL7b9HtE1+0yMzayJrW0l8cd9FdcDAf51BC8msH
+CDo7o8wiAeWUJvr9kPFhp4ciHdWU7H93KaDCrhwYWjWXKWpQnJiN2EaERFS4tMJ
/7wev2bRYLnXTvYx5mkbMQyT6wIOOkSu//7smSlxO2hXk3wKfCdxLuXrc0kuUs0P
AkzQ+Z69O0EPqnju0KPaOPk7Hanepwk7Z5YgcbcrdxkgX9iGM02dRA/FcoONrIpr
ehWmy11fmN6tM6TEtQVy
=n19G
-----END PGP SIGNATURE-----

--LWVQOr/QoF/fPPTS--

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019