Mail Archives: cygwin/2018/08/04/13:12:10

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2018/08/04/13:12:10

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:from:to:subject:date:mime-version

:content-type:content-transfer-encoding; q=dns; s=default; b=HF8

ximE5STS59UEJ+5D9Vw5/XnRV3YYS6RIxS/T/EyVaWUq7V5pp160KSsrdwSxB6Lr

9KWR7pMSjqeFY7VArg/YPImVuN7TwwlL9szqBH4TstwNeqs2JwCbrh8MN+c8HHQq

qqZ88SpyasgaXBNmc6+FWjPLnSeml7s1SyPFPcSg=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:from:to:subject:date:mime-version

:content-type:content-transfer-encoding; s=default; bh=Fk2q8VNf3

JsL+n+AaZO8oka9c3I=; b=myncgIBE+u6GXOLKcDOz9Zenrr9/kTDV0sYHXY8pE

6iv7HN/41sL+DhAkYJYuUS1CbAvvKmxYGVK5OHkWZ3beQwydmeNJPeAvBeHA0GXe

kNboqcF4a8t5Tl/hQSdhHuGDXdFNX97mjGFn66wi+mD/Cb0LBkyKzH8E5j6hPx9b

pg=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Spam-SWARE-Status: No, score=2.1 required=5.0 tests=BAYES_40,SPF_PASS,XPRIO autolearn=no version=3.3.2 spammy=H*UA:6.00.2900.5931, H*x:6.00.2900.5931, UD:aspx, lies

X-HELO: mx009.vodafonemail.xion.oxcs.net

Message-ID: <2B3187EFB48B477183C355EDF9660136@W340>

From: "Stefan Kanthak" <stefan DOT kanthak AT nexgo DOT de>

To: <cygwin AT cygwin DOT com>

Subject: Cygwin's ACL handling is NOT interoperable with Windows

Date: Sat, 4 Aug 2018 19:11:28 +0200

MIME-Version: 1.0

Hi,

<https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files> states:

| There's just one problem when trying to map the POSIX permission model
| onto the Windows permission model.
...
| Canonical ACLs are unable to reflect each possible combination of POSIX
| permissions.
...
| Again: This works on all supported versions of Windows. Only the GUIs
| aren't able (or willing) to deal with that order.

These last two statements are wrong:

* the first statement holds ONLY because of the LIMITATION of the POSIX
  permissions; it is WRONG for the general case, which ALL Windows
  interfaces/components need to consider and handle, EVERYWHERE!

* the second statement is a blatant lie: to guarantee CORRECT
  interpretation of arbitrary ACLs, ALL Windows interfaces/components,
  not just the "GUIs", MUST create CANONICAL ACLs only.

  This especially means that not just Windows Explorer, but also the
  command processor with its builtin COPY command as well as the
  CopyFile() <https://msdn.microsoft.com/en-us/library/aa220078.aspx>
  API (just to pick 3 examples) bring INHERITED ACEs into their PROPER
  canonical order.

As Cygwin is a guest in the house of Windows, it should respect its hosts
house rules; instead it but violates them, and blames the host for its
faults!

| But don't even think of pressing OK...

Fortunately nobody need to press OK here, but everybody can demonstrate
Cygwin's defects as follows:

* Use Windows Explorer, the command processor or CopyFile() to copy an
  arbitrary file into a directory created by Cygwin, then inspect its
  ACL!

* Use Windows' Explorer, the command processor or CopyFile() to copy an
  arbitrary file created by Cygwin into an arbitrary directory created
  by Cygwin, then inspect its ACL.

* Use Windows Explorer or the command processor to create a subdirectory
  in a directory created by Cygwin, then inspects its ACL!

Do these ACLs reflect the intended or expected POSIX permissions?
OUCH³!


Win32 functions like CreateFile() and CreateDirectory()
(see <https://msdn.microsoft.com/en-us/library/aa363858.aspx>
and <https://msdn.microsoft.com/en-us/library/aa363855.aspx>)
allow to write NON-canonical ACLs via direct specification of a
"security descriptor"; if NULL is specified (which is the typical
case), they create canonical ACLs, reordering inherited ACEs!

Unfortunately their documentation misses remarks on the proper
canonical order of ACLs, and how inherited but UNORDERED ACLs are
handled.

The documentation of other Win32 functions, for example
AddAccessAllowedAce() and AddAccessDeniedAce()
(see <https://msdn.microsoft.com/en-us/library/aa374947.aspx>
and <https://msdn.microsoft.com/de-de/library/aa374962.aspx>)
but EXPLICITLY states:

| These functions do not automatically place the new ACE in the
| proper canonical order. It is the caller's responsibility to
| ensure that the ACL is in canonical order by adding ACEs in the
| proper sequence.

<https://msdn.microsoft.com/en-us/library/aa374951.aspx> and
<https://msdn.microsoft.com/en-us/library/aa374964.aspx> go further:

| The caller must ensure that ACEs are added to the DACL in the
| correct order. For more information, see Order of ACEs in a DACL.

<https://msdn.microsoft.com/en-us/library/aa379298.aspx>
<https://msdn.microsoft.com/en-us/library/aa446683.aspx>
<https://technet.microsoft.com/en-us/library/cc781716.aspx>

| The canonical order ensures that an explicit access-denied ACE is
| enforced regardless of any explicit access-allowed ACE.

JFTR: for the algorithm used in Windows and why the proper order of
      ACLs is crucial see
      <https://blogs.msdn.microsoft.com/oldnewthing/20070608-00/?p=26503>

      Also see <http://www.ntfs.com/ntfs-permissions-acl-use.htm>

Fix Cygwin's BUGGY ACL creation!

regards
Stefan Kanthak

PS: <https://cygwin.com/cygwin-ug-net/using.html#pathnames-win32-api>
    too states bloody lies:

    | The Windows subsystem only supports CWD paths of up to 258 chars.

    The Win32 API supports pathnames with up to 32767 (Unicode) characters;
    this includes of course the CWD!


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:from:to:subject:date:mime-version
	:content-type:content-transfer-encoding; q=dns; s=default; b=HF8
	ximE5STS59UEJ+5D9Vw5/XnRV3YYS6RIxS/T/EyVaWUq7V5pp160KSsrdwSxB6Lr
	9KWR7pMSjqeFY7VArg/YPImVuN7TwwlL9szqBH4TstwNeqs2JwCbrh8MN+c8HHQq
	qqZ88SpyasgaXBNmc6+FWjPLnSeml7s1SyPFPcSg=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:from:to:subject:date:mime-version
	:content-type:content-transfer-encoding; s=default; bh=Fk2q8VNf3
	JsL+n+AaZO8oka9c3I=; b=myncgIBE+u6GXOLKcDOz9Zenrr9/kTDV0sYHXY8pE
	6iv7HN/41sL+DhAkYJYuUS1CbAvvKmxYGVK5OHkWZ3beQwydmeNJPeAvBeHA0GXe
	kNboqcF4a8t5Tl/hQSdhHuGDXdFNX97mjGFn66wi+mD/Cb0LBkyKzH8E5j6hPx9b
	pg=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=2.1 required=5.0 tests=BAYES_40,SPF_PASS,XPRIO autolearn=no version=3.3.2 spammy=HUA:6.00.2900.5931, Hx:6.00.2900.5931, UD:aspx, lies
X-HELO:	mx009.vodafonemail.xion.oxcs.net
Message-ID:	<2B3187EFB48B477183C355EDF9660136@W340>
From:	"Stefan Kanthak" <stefan DOT kanthak AT nexgo DOT de>
To:	<cygwin AT cygwin DOT com>
Subject:	Cygwin's ACL handling is NOT interoperable with Windows
Date:	Sat, 4 Aug 2018 19:11:28 +0200
MIME-Version:	1.0