Thu Apr 15 16:34:00 GMT 2004
On Apr 15 12:11, Pierre A. Humblet wrote:
> The problem is that I won't be privileged until write_sd.
> It may be better to first call with query_read_control and to
> retry in write_sd.
> I am wondering if we need a CreateFile with FILE_FLAG_BACKUP_SEMANTICS
> or if a simple DuplicateHandle would also work, after becoming privileged.
You could give it a test. But actually I don't understand the problem.
What does it save us? The CreateFile fails not because
FILE_FLAG_BACKUP_SEMANTICS is set, but because WRITE_OWNER and
WRITE_DAC is requested. And you can't add these access modes by a
call to DuplicateHandle.
> Also BackupWrite was not atomic, the ACL would change while the owner
> didn't. Do you know if NtSetSecurityObject is atomic? If so, the test
> if (res == 1)
> BOOL dummy;
> cygpsid owner;
> could be removed.
I'd love to remove it. I have no idea if NtSetSecurityObject is atomic,
though. I'd guess so but knowledge would require documentation...
> P.S.: I have just updated in cvs and saw your fresh change.
> Now CreateFile might be called up to 3 times.
> An alternative is to become privileged before the initial
> open, but that won't work with fchown
Why not? The code to set SE_RESTORE_NAME could easily be moved out
of write_sd and into fhandler_disk_file's fchown, fchmod and facl
methods. That would allow to reduce fchown and fchmod back to
just calling open_fs with query_write_control since that's required
for that functionality anyway.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Co-Project Leader mailto:firstname.lastname@example.org
Red Hat, Inc.
More information about the Cygwin-developers