ntsec change needed to read one of my partitions

Pierre A. Humblet Pierre.Humblet@ieee.org
Tue Nov 25 05:23:00 GMT 2003


At 11:28 PM 11/24/2003 -0500, Christopher Faylor wrote:
>On Mon, Nov 24, 2003 at 11:06:16PM -0500, Pierre A. Humblet wrote:
>>>FWIW, the size returned by read_sd was 4144 so bumping things up to
>>>8192 was probably overkill.
>>
>>4144 IS very strange, way high. 
>>What does cacls report?
>
>  k:\ BUILTIN\Administrators:(OI)(CI)F 
>      NT AUTHORITY\SYSTEM:(OI)(CI)F 
>      CREATOR OWNER:(OI)(CI)(IO)F 
>      BUILTIN\Users:(OI)(CI)R 
>      BUILTIN\Users:(CI)(special access:)
>			FILE_APPEND_DATA
>   
>      BUILTIN\Users:(CI)(IO)(special access:)
>			    FILE_WRITE_DATA
>   
>      Everyone:R 

That's 7 ACE's, each with a short SID. Ballpark size
should be < 200 bytes. Something weird is going on.

Also      CREATOR OWNER:(OI)(CI)(IO)F 
doesn't match   default:user::---
We may be forgetting flags such as GENERIC_XYZ

It surely would be interesting to dump the sd_buf
from gdb. I don't doubt that Corinna would look forward
to decode all 4144 bytes.

I vaguely recall seeing a strange sentence on MSDN, to the
effect that extra info can be hidden after the SID in an ACE.
I wonder if something like that is going on, or if there is
just a lot of garbage in the tail of the DACL.

The max size of an ACL is 64k, and the SD is perhaps a 100
more. Should we just bite the bullet and go there?

Pierre



More information about the Cygwin-developers mailing list