Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-developers-owner AT sourceware DOT cygnus DOT com
Delivered-To: mailing list cygwin-developers AT sourceware DOT cygnus DOT com
Message-ID: <37A8114F.9101F2AE@vinschen.de>
Date: Wed, 04 Aug 1999 12:09:20 +0200
From: Corinna Vinschen
To: Chris Faylor
CC: cygdev
Subject: ntsec: patch 9

Hi!

I have patched security once again. The worst thing was a free() on
stack memory (Puh!).

ChangeLog:
==========

Thu Aug 4 10:28:00  Corinna Vinschen

	* security.cc: Erased MALLOC_CHECK calls.
	(lookup_name): New function simplifies the retrieval of user and
	group names.
	(alloc_sd): Calls `lookup_name' instead of `LookupAccountName'.
	`system' gets no special permissions to files anymore.
	`administrators' only get restricted permissions instead of full
	access. ACEs are generated only if the permissions are != 0 for
	that user/group/other.
	* shared.cc (sec_user): Calls `lookup_name' instead of
	`LookupAccountName'. `free'-call on stack space eliminated.
	* winsup.h: Declaration for `lookup_name'.
	* doc/ntsec.sgml: Adapted.

The permissions to administrators are restricted to the following:

	read permissions
	take ownership

This behaviour corresponds better to the typical WinNT settings: No admin
should have the right to change my files. Only actions are allowed where
there remains a fingerprint of the `evil-doer'.

A special case is, if I'm logged in as a user with administrators as
primary group.
The settings should give more permissions to the other admins to better
support the typical behaviour of NT: As you know, if one is a member of the
admin group, all her files are owned by the group instead of by her. This
is not the case with ntsec but the other admins should have easier access
to the administrative files. So in this case the admin group gets the
following permissions:

	read permissions
	write permissions
	write owner
	write ea

also in the case where group permissions are set to 0.

Caution: The primary group is taken from the passwd file (as before). This
is more convenient on workstations outside of domains because the primary
NT group is None (513) for each user, including administrator (500), too.
This can only be changed in NT domains.

Best Regards,
Corinna

[Attachment: ntsec-patch9.bz2 (application/octet-stream)]
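
The ACE rules described in the mail above, modelled as an added illustration; this is not code from the patch or from Cygwin. The names `build_acl`, `rwx_to_mask` and `struct ace` are hypothetical, the rwx-to-rights mapping is an assumption, and folding the extra admin rights into the group ACE when administrators is the primary group is one reading of the mail.

```c
#include <stdio.h>
#include <stdint.h>

/* Windows SDK access-mask values, defined locally (no <windows.h> needed). */
#define FILE_WRITE_EA        0x00000010u
#define READ_CONTROL         0x00020000u /* "read permissions" */
#define WRITE_DAC            0x00040000u /* "write permissions" */
#define WRITE_OWNER          0x00080000u /* "take ownership" / "write owner" */
#define FILE_GENERIC_READ    0x00120089u
#define FILE_GENERIC_WRITE   0x00120116u
#define FILE_GENERIC_EXECUTE 0x001200A0u
enum who { OWNER, GROUP, OTHER, ADMINS };
struct ace { enum who who; uint32_t mask; };

/* Assumed rwx -> NT rights mapping; the mail does not spell it out. */
static uint32_t rwx_to_mask(unsigned rwx)
{
    return ((rwx & 4) ? FILE_GENERIC_READ : 0) |
           ((rwx & 2) ? FILE_GENERIC_WRITE : 0) |
           ((rwx & 1) ? FILE_GENERIC_EXECUTE : 0);
}

/* Fills out[] and returns the ACE count. group_is_admins means the primary
   group taken from passwd is administrators. No ACE is emitted for SYSTEM. */
int build_acl(unsigned mode, int group_is_admins, struct ace out[4])
{
    int n = 0;
    uint32_t m;
    if ((m = rwx_to_mask((mode >> 6) & 7)) != 0)
        out[n++] = (struct ace){ OWNER, m };
    m = rwx_to_mask((mode >> 3) & 7);
    if (group_is_admins) /* extra rights even when the group bits are 0 */
        m |= READ_CONTROL | WRITE_DAC | WRITE_OWNER | FILE_WRITE_EA;
    if (m != 0)
        out[n++] = (struct ace){ GROUP, m };
    if ((m = rwx_to_mask(mode & 7)) != 0)
        out[n++] = (struct ace){ OTHER, m };
    if (!group_is_admins) /* restricted ACE for administrators */
        out[n++] = (struct ace){ ADMINS, READ_CONTROL | WRITE_OWNER };
    return n;
}

int main(void)
{
    struct ace acl[4];
    int n = build_acl(0600, 0, acl); /* constructed sample mode */
    for (int i = 0; i < n; i++)
        printf("who=%d mask=0x%08x\n", (int)acl[i].who, (unsigned)acl[i].mask);
    return 0;
}
```

With mode 0600 the group and other entries are skipped because their permissions are 0, while the administrators entry is still present with its restricted mask.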