This is the mail archive of the
mailing list for the Cygwin project.
Re: security.cc: bug report, question and suggestion
On Sat, Jan 19, 2002 at 07:02:51PM -0500, Pierre A. Humblet wrote:
> At 12:33 AM 1/20/02 +0100, you wrote:
> >I'm not quite sure if I understand. If the setgid() is made
> >while a impersonation is active, the setgid() should affect
> >the impersonation token.
> No, no, it changes the process token. syscalls.cc:
> if (!OpenProcessToken (GetCurrentProcess (),
You're right. The function should affect the impersonation token
if impersonation is active, and the process token otherwise.
> >Good question. However, I don't think it's unsafe to change
> >the primary group. If it was successful, further securable
> >objects are created using the correct primary group. If it
> >wasn't successful, nothing has changed, nothing got worse.
> Yes, but it's undetermined (except if the caller really knows
> the Groups), which isn't so good. By using myself->gid you could
> change the primary group on securable objects to what it should be.
> BTW, does the primary group need to be in the Groups there too?
No. I understand the reasoning behind your arguments now.
Perhaps you're right and we could also live without setting
the primary group.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:email@example.com
Red Hat, Inc.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html