Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-Id: <3.0.5.32.20011229152301.0083a1f0@pop.ne.mediaone.net>
X-Sender: phumblet AT pop DOT ne DOT mediaone DOT net (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Sat, 29 Dec 2001 15:23:01 -0500
To: cygwin AT cygwin DOT com
From: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
Subject: security.cc: bug report, question and suggestion
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

Bug in security.cc:

The intent of open_local_policy() is to return an INVALID
handle if the call to LsaOpenPolicy() fails. Unfortunately
the failed call changes the value of lsa. The fix is obvious.

Breakpoint 3, open_local_policy () at /src/winsup/cygwin/security.cc:183
184       LSA_HANDLE lsa = INVALID_HANDLE_VALUE;
(gdb) s
186       NTSTATUS ret = LsaOpenPolicy(NULL, &oa, POLICY_ALL_ACCESS, &lsa);
(gdb) p lsa
$19 = 0xffffffff
(gdb) n
187       if (ret != STATUS_SUCCESS)
(gdb) p ret
$20 = -1073741790
(gdb) p lsa
$21 = 0x0

Question:
is the Policy Object only accessible by administrators 
or is there some ACL that can be set? I was unable
to find info on the Microsoft site.

Suggestion
In cygrunsrv.README, could you add that the user specified
with -u must have the "Logon as a service" privilege?

Thanks

Pierre


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/