X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-1.9 required=5.0 	tests=AWL,BAYES_00,SARE_MSGID_LONG40,SPF_PASS
X-Spam-Check-By: sourceware.org
MIME-Version: 1.0
In-Reply-To: <20090811114820.GE3204@calimero.vinschen.de>
References: <e2480c70908100619m906f5dfj794823f22c7604bc AT mail DOT gmail DOT com> 	 <20090810132515 DOT GP3204 AT calimero DOT vinschen DOT de> 	 <e2480c70908100911j520101cftbaf4dc3eb08b109e AT mail DOT gmail DOT com> 	 <20090810164057 DOT GV3204 AT calimero DOT vinschen DOT de> 	 <6910a60908101701m77bcb1b3x55e48d028bf35ef0 AT mail DOT gmail DOT com> 	 <6910a60908101949k5f2ce354p1ccda7f2acd9927f AT mail DOT gmail DOT com> 	 <20090811070045 DOT GZ3204 AT calimero DOT vinschen DOT de> 	 <6910a60908110344n56b7a7f9j9ead9ceeae6a1608 AT mail DOT gmail DOT com> 	 <20090811114820 DOT GE3204 AT calimero DOT vinschen DOT de>
Date: Tue, 11 Aug 2009 16:01:19 +0200
Message-ID: <6910a60908110701i67cf934bg841661a92c2ef60@mail.gmail.com>
Subject: Re: Perl bug (was Re: [1.7] cygwin allows writing to readonly files)
From: Reini Urban <rurban AT x-ray DOT at>
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

2009/8/11 Corinna Vinschen:
> On Aug 11 12:44, Reini Urban wrote:
>> 2009/8/11 Corinna Vinschen:
>> > That might be a good workaround nevertheless. =A0You should just test =
the
>> > list of supplementary groups as well, along these lines:
>>
>> We already have an ingroup() check in this Perl_cando() function, so
>> there is no
>> need to write it again. But it is disabled in perl core for this code pa=
th.
>> See http://perl5.git.perl.org/perl.git/blob/HEAD:/doio.c#l1929
>> It would be:
>> =A0 =A0 if (ingroup(544,effective))
>> =A0 =A0 =A0 return TRUE; =A0 =A0 =A0 =A0 =A0 =A0/* Administrators read a=
nd write anything */
>> but this is simply not true, as under unix. Windows Administrators
>> fall under the same ACL restrictions as normal users. So only using
>> access() is reliable.
>
> I don't understand what you're tryin to say. =A0The members of the Admin
> group have always write access to files due to the SE_BACKUP_NAME
> privilege enabled in Cygwin.

Okay, then the ingroup check should be used.
Thanks.
--=20
Reini Urban
http://phpwiki.org/           http://murbreak.at/

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple