This is the mail archive of the cygwin-developers@sourceware.cygnus.com mailing list for the Cygwin project. See the Cygwin home page for more information.
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Patch, Version 4: Unix-like permissions on objects [was Re: b21 -- various small issues]

Chris Faylor wrote:
> 
> On Fri, Apr 30, 1999 at 04:25:23PM +0200, Corinna Vinschen wrote:
> >Has anybody fixed the chown/new headers problem in the meantime???
> 
> The last I remember, Anders didn't see any difference between the
> old/new headers.
> 
> I would very much like to get your changes into B21, though.  I don't
> have much time for cygwin right now, though, so debugging this problem
> is not feasible for me, unfortunately.
> 
> -chris

Hi Chris,

I have rewritten my security change. The remaining problem with chown
is solved, it was a stricter security behaviour in SP4 vs SP3, and not
Anders headers, as I suspected (sorry Anders!)

The file security.cc is now very different relative to the older version
because BackupRead()/BackupWrite() is used instead of GetFileSecurity()/
SetFileSecurity().
The function chown() in syscalls.cc is exclusively implemented by calls
to get_file_attributes()/set_file_attributes() now.

Another problem is also removed in this version. The function
GetFileSecurity() crashes on FAT and Samba file systems. The use of
BackupRead() prevents this. The current version works ok, samba
refuses (correctly!) the setting of owner/group/file modes.

I have carefully integrated the change into winsup-990430, I send the
patch file as bzip2ed attachment, because it's more than 40KB.

The NT security is coupled to the new CYGWIN option [no]ntsec.
The option [no]ntea is yet legal and does still work!
So everyone can decide self, how much UNIX-like security he/she wants.

As alread written in January: Well formed /etc/passwd and /etc/group
files are essential, to get the expected results. Especially the
attachment of users to their primary group is very helpful!

Example:

	/etc/passwd:
	============
	everyone:*:0:0::/tmp:/bin/true
	system:*:18:18::/tmp:/bin/true
	administrator::500:544::/home/root:/bin/sh
	guest:*:501:546::/tmp:/bin/true
	administrators:*:544:544::/home/root:/bin/sh
	corinna::1000:547:Corinna Vinschen:/home/corinna:/bin/tcsh
	ftp::1001:545:anonymous ftp login:/home/ftp:/bin/true

	/etc/group:
	===========
	everyone::0:
	system::18:
	none::513:
	administrators::544:
	users::545:
	guests::546:
	powerusers::547:

Best Regards,
Corinna


ChangeLog:
==========

Sun May  2  2:00:00  Corinna Vinschen  <corinna.vinschen@cityweb.de>

	* security.cc (ReadSD): New function.
	* security.cc (WriteSD): Ditto.
	* security.cc (get_admin_sid): Moved from shared.cc.
	* security.cc (set_process_privileges): Moved from syscalls.cc,
	shortened, changed return typ to int. Sets errno now.
	* security.cc (set_file_attributes): Return type changed to int.
	* security.cc (get_file_attributes): Ditto.
	* security.cc (set_nt_attributes): Ditto. Cares for setting
	of S_ISVTX now.
	* security.cc (get_nt_attributes): Ditto.
	* syscalls.cc (rel2abssd): #if 0'ed.
	* syscalls.cc (set_process_privileges): Moved to security.cc.
	* syscalls.cc (chown): Rewritten.
	* syscalls.cc (chmod): Changed call order of the functions
	set_file_attributes() and SetFileAttributesA().
	* fhandler.cc (fhandler_base::fstat): Changed check for
	return value of get_file_attributes().
	* ntea.cc (NTReadEA): returns TRUE now, if allow_ntea is unset.
	* ntea.cc (NTWriteEA): returns TRUE now, if allow_ntea is unset.
	* shared.cc (get_admin_sid): Moved to security.cc.
	* path.cc (symlink_check_one): Changed check for return value
	of get_file_attributes().

Sat Mar  6 18:30:00  Corinna Vinschen  <corinna.vinschen@cityweb.de>

        * security.cc (get_world_sid): Rewritten.
        * security.cc (world_full_access): Deleted.
        * grp.cc: Use gid 0 as default gid.
        * grp.cc (read_etc_group): Look for account name of world group.
        * fhandler.cc (fhandler_base::open): Call `set_file_attribute'
        only in case of disk file.

Fri Feb 26 00:44:00  Corinna Vinschen  <corinna.vinschen@cityweb.de>

        * security.cc (get_file_attribute): Patched incorrect test
        for symlink.
        * security.cc (set_file_attribute): ditto.

Sat Jan 30 02:12:00  Corinna Vinschen  <corinna.vinschen@cityweb.de>

        * security.cc: Special handling for user and/or administrators
        permissions to write (extended) attributes.

Fri Jan 29 02:12:00  Corinna Vinschen  <corinna.vinschen@cityweb.de>

        * security.cc: Don't allow 513(none) as user or group.

Thu Jan 28 11:00:00  Corinna Vinschen  <corinna.vinschen@cityweb.de>

        * security.cc: new functions `set_nt_attribute()', `get_nt_attribute()'
        and `set_file_attribute()' with additional parameters `uid' and `gid',
        to support real NT security.
        * winsup.h: Prototype for `set_file_attribute()' with four
        parameters.
        * dir.cc (mkdir): Calls `set_file_attribute()' now.
        * syscalls.cc (chown): ditto.
        * syscalls.cc (chmod): ditto, with correct uid/gid.

21 Jan 12:30:00 1999  Corinna Vinschen  <corinna.vinschen@cityweb.de>

        * shared.cc: New function `get_admin_sid()' to get a SID
        of the administrators group or of administrator.
        New functions `sec_user()' and `sec_user_nih()' to get
        SECURITY_ATTRIBUTES with all permissions for the user and
        the administtrator group.
        * shared.h: Prototypes for the above new functions `sec_user()'
        and `sec_user_nih()'.
        * sigproc.cc (getsem): Create process semaphore with
        permissions set by `sec_user()'.

ntsec-patch.bz2