Message-ID: <3C506701.A334DC8A@ieee.org>
Date: Thu, 24 Jan 2002 14:56:49 -0500
From: "Pierre A. Humblet"
To: Corinna Vinschen
Subject: Re: security.cc: bug report, question and suggestion
References: <3C4EFF65 DOT FF7BA4DE AT ieee DOT org> <20020123194126 DOT H11608 AT cygbert DOT vinschen DOT de>

Corinna Vinschen wrote:
> However, I've just checked in a change which should create a useful
> DACL for the primary token created by DuplicateTokenEx() in the
> create_token() function. It uses the function `sec_user()' which I
> once introduced to set security attributes for CreateProcess calls,
> etc. Could you test if it now behaves as you'd expect?

Corinna,

It doesn't seem to do anything (see attach). What does it do for you?
I am pretty sure (used gdb) that I am running your latest code.
NT4.0

Pierre

out.txt:

gid was 513
setgid returned 0, read 1005
uid was 500
setuid returned 0, read 1004
USERNAME testuser
/******************* Token Start ****************************/
/******************* Token User */
PHumblet ASTRALPOINT SidTypeUser S-1-5-21-2127391503-1594901184-99485923-1004
/******************* Token Type */
TokenImpersonation
/******************* Token Source */
Token source Cygwin.1
/******************* Token Security */
*************** SECURITY INFO START *************
Owner: Administrators BUILTIN SidTypeAlias S-1-5-32-544
Group: Domain Users ASTRALPOINT SidTypeGroup S-1-5-21-1391547877-877281485-1846952604-513
ACL:
0 Administrators BUILTIN SidTypeAlias S-1-5-32-544
ACCESS_ALLOWED_ACE_TYPE
TOKEN_ASSIGN_PRIMARY, TOKEN_DUPLICATE, TOKEN_IMPERSONATE, TOKEN_QUERY,
TOKEN_QUERY_SOURCE, TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS,
TOKEN_ADJUST_DEFAULT, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER,
1 SYSTEM NT AUTHORITY SidTypeWellKnownGroup S-1-5-18
ACCESS_ALLOWED_ACE_TYPE
TOKEN_ASSIGN_PRIMARY, TOKEN_DUPLICATE, TOKEN_IMPERSONATE, TOKEN_QUERY,
TOKEN_QUERY_SOURCE, TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS,
TOKEN_ADJUST_DEFAULT, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER,
*************** SECURITY INFO END *************