This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: full control for non owner and resulting 'cp' created file perms


Tom Rodman wrote:

> The file "zam" below has slightly unusual windows permissions -
> it does not inherit from it's parent dir, the owner of the
> file has no ACES, another user "staffuser1" has full control.

Is staffuser1 an administrator?  Cygwin opens files using the 'backup'
privilege in order to emulate the POSIX semantics that root can access
any file regardless of permissions.  But of course the backup privilege
requires the user to be an administrator so there's no real privilege
leak, since an administrator can always take ownership of the object and
set an arbitrary dacl.

This started with 1.5.22:
<http://cygwin.com/ml/cygwin-announce/2006-11/msg00034.html>

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]