[Patch] *** CreateFileMapping, Win32 error 5. Terminating.

Corinna Vinschen cygwin-patches@cygwin.com
Thu Oct 16 15:56:00 GMT 2003

On Thu, Oct 16, 2003 at 11:47:51AM -0400, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> > 
> > On Wed, Oct 15, 2003 at 10:22:35PM -0400, Pierre A. Humblet wrote:
> > > 2003-10-15  Pierre Humblet  <pierre.humblet@ieee.org>
> > >
> > >       * syscalls.cc (seteuid32): Always construct a default DACL including
> > >       the new sid, Admins and SYSTEM and copy it to the new thread token.
> > >       * security.cc (create_token): Use a NULL default DACL in NtCreateToken.
> > 
> > I assume you have tested it also with an external token, don't you?
> > I'm a bit concerned that the code also tries to modify the external
> > token.  Is that actually unavoidable?  Isn't the problem just a
> > typical problem of a self-created token?
> Yes it has been tested with an external token. We already touch the owner
> and primary group of the external tokens, the dacl is just another item.
> It's needed with external tokens to handle the following type of cases.
> A user in the admins group telnets into the box, creating a file
> mapping with access by admins and system, but not by his sid (without the
> patch).
> While he is logged in, some service (exim, proftp...) creates a 
> setgroups(0, NULL) + seteuid() process. That process may not be able
> the access the file mapping (without the patch).

That makes sense.  Ok, commit it.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

More information about the Cygwin-patches mailing list