Mail Archives: cygwin-developers/2001/04/18/06:05:38
On Wed, Apr 18, 2001 at 10:54:06AM +1000, Robert Collins wrote:
> This is just a follow up to Egor's proposed server for handle control.
>
> I have done some basic testing using
>
> DWORD sd_size = 4096;
> char sd_buf[4096];
> PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
>
> psd = alloc_sd (getuid(), getgid(), cygheap->user.logsrv (), mode,
> psd, &sd_size)
>
> and then
>
> SECURITY_ATTRIBUTES sa;
> sa.nLength=sizeof(sa);
> sa.lpSecurityDescriptor=psd;
> sa.bInheritHandle= TRUE; //or FALSE as appropriate for the handle
>
>
> This gives you an custom security attributes structure the appropriate
> win32 style permissions to match the mode , user and group you passed to
> alloc_sd.
>
> if psd is NULL, (ie running on win95) the OS will operate correctly.
>
>
> I'm currently building testcases for mutexs in shared memory, which is
> how I got onto this.
>
> security wise, on win9x, there is no security, but there isn't anyway -
> any process can open any shared memory area and so forth (ie it doesn't
> matter how many layers of abstraction you put on it, someone with the
> source can iterate through all the publicly available structures).
>
> On NT/2K, it should give exactly the desired permissions, no more, no
> less.
For that purpose there are two functions declared in security.h:
PSECURITY_ATTRIBUTES sec_user (PVOID sa_buf, PSID sid2 = NULL, BOOL inherit = TRUE);
PSECURITY_ATTRIBUTES sec_user_nih (PVOID sa_buf, PSID sid2 = NULL);
For the usage have a look into sigproc.cc, function `getsem' or
fork.cc, function `fork_parent'.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
- Raw text -