delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2015/11/29/15:29:57

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:reply-to:date:from:to:subject:message-id
:mime-version:content-type; q=dns; s=default; b=fRRO4dUNHGVXr1ea
5e+kOnjOVVkhEtpAewETlz7h0Idv5bBnENogf4wIVyM1CMycHduo1GMY9tMHAcp2
pHtvkzeTVog7xXn0it2Drzl8X3p6eRZyoEx6GiFtsWLTupwPWtZqSMYpgnUAr1rP
X+8BnHYZZw2Lsa4C5P7pTvM5UAE=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:reply-to:date:from:to:subject:message-id
:mime-version:content-type; s=default; bh=4N+gpYaIivN0/oBgBNW6Ag
jj+LQ=; b=Yzacr9RcEZq5H9cJ2uilEYn+3Al12GI0Zjr3EBR6PaxgiSWEHL9Z+2
EjqBieetZR+wk9J8sY29bUQiQo0PktfznMQS8A00lOp1+jgfmV1rOBXXx68YDouQ
JqISz4Zh+UtRHRKovcwJWmy00BuK3SgOAgMFLIDFphbwyKI/luttg=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-HELO: localhost.localdomain
Reply-To: cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-3.7 required=5.0 tests=AWL,BAYES_50,KAM_ASCII_DIVIDERS,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2
Date: Sun, 29 Nov 2015 21:18:10 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.4.0-0.6
Message-Id: <announce.20151129201810.GE2755@calimero.vinschen.de>
MIME-Version: 1.0
User-Agent: Mutt/1.5.23 (2014-03-12)

Hi Cygwin friends and users,


I released a new TEST version of Cygwin, 2.4.0-0.6.

There's a single bugfix compared to 2.4.0-0.5:

- Fix generating invalid SIDs in a border case related to using
  Microsoft Accounts.
  Addresses: https://cygwin.com/ml/cygwin/2015-11/msg00362.html


======================================================================
If this code is acceptable, I will create an official 2.4.0 release
end of this week.
======================================================================
 

This is the "new POSIX ACL handling reloaded" release.

In local testing I successfully integrated AuthZ into the current Cygwin
code to generate more correct user permissions by being able to generate
effective permissions for arbitrary users.

This success convinced me that it might be possible to pick up the POSIX
permission rewrite originally targeted for the 2.0.0 release and try to
update it using AuthZ and generally revamp it to reflect effective
permissions better.

My local testing looks good, but this is a major change, so this code
really needs a lot more testing in various scenarios.  Especially
some Windows ACLs created in corporate environments are often a hard
nut to crack, and the example from

https://cygwin.com/ml/cygwin/2015-04/msg00513.html

which was the ultimate downfall of the original implementation is
the stuff which needs some good testing.

There's, as usual, a downside: AuthZ leans a bit to the slow side.
Cygwin caches information already gathered once on a per-process basis,
but in locally crafted worst case scenarios (`ls' on lots of file owned
by lots of different users and groups) the slowdown may be up to 25%.
But that's really just a worst case, in the usual scenarios the slowdown
should be mostly unnoticable.

To alleviate the problem, the AuthZ code is fortunately only called for
non-Cygwin ACLs and Cygwin ACLs created before this release.  Within a
pure Cygwin environment (e.g., some build directory only used with
Cygwin tools) AuthZ should be practically unused.

Apart from the aforementioned code changes to "just do it right", there
are two additional changes I implemented for this new POSIX ACL revamp
release:

- I reverted the questionable change I added to 2.0.0-0.7 in terms of
  chmod group permission handling.  The original description of this
  change was:

    If you have a non-trivial ACL with secondary accounts and thus a
    mask value, chmod is supposed to change only the mask, not the
    permissions of the primary group.  However, if the primary group has
    few permissions to begin with, the result is really surprising.  ls
    -l would, e.g., show read/write perms for the group, but the group
    might still have only read perms.

    Personally I find this chmod behaviour really, really bad, so I took
    the liberty to change it in a way which gives a much less surprising
    result:  If you call chmod on a non-trivial ACL, the group
    permissions will be used for the primary group and the mask.

- setfacl(1) now accepts the combination of the -b and -k options, just as
  on Linux.

As for the description what this implementation strives for, please see
http://linux.die.net/man/5/acl

============================================================================

What's new:
-----------

- New, unified implementation of POSIX permission and ACL handling.  The
  new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
  they allow to inherit the S_ISGID bit.  ACL inheritance now really
  works as desired, in a limited, but theoretically equivalent fashion
  even for non-Cygwin processes.

  To accommodate standard Windows ACLs, the POSIX permissions of the
  owner and all other users in the ACL are computed using the Windows
  AuthZ API.  This may slow down the computation of POSIX permissions
  noticably in some circumstances, but is generally more correct.  The
  new code also ignores SYSTEM and Administrators group permissions when
  computing the MASK/CLASS_OBJ permission mask on old ACLs, and it
  doesn't deny access to SYSTEM and Administrators group based on the
  value of MASK/CLASS_OBJ when creating the new ACLs.

  The new code now handles the S_ISGID bit on directories as on Linux:
  Setting S_ISGID on a directory causes new files and subdirs created
  within to inherit its group, rather than the primary group of the user
  who created the file.  This only works for files and directories
  created by Cygwin processes.

- New API: rpmatch.


What changed:
-------------

- setfacl(1) now allows to use the -b and -k option combined to allow reducing
  an ACL to only reflect standard POSIX permissions.

- Fix (numeric and monetary) decimal point and thousands separator in
  fa_IR and ps_AF locales to be aligned with Linux.


Bug Fixes
---------

- Replaced old, buggy strtold implementation with well-tested gdtoa version
  from David M. Gay.
  Addresses: https://cygwin.com/ml/cygwin/2015-11/msg00205.html

- Fix handling of relative paths in native symlinks if the target is in a
  drive's root dir or one level below.
  Addresses: https://cygwin.com/ml/cygwin/2015-11/msg00277.html

- Fix a SEGV when calling `kill -l 0'.
  Addresses: https://cygwin.com/ml/cygwin/2015-11/msg00430.html

- Fix a race condition in signal handling.
  Addresses: https://cygwin.com/ml/cygwin/2015-11/msg00387.html

============================================================================


Have fun,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019