full control for non owner and resulting 'cp' created file perms

Brian Dessent brian@dessent.net
Sat Mar 1 21:45:00 GMT 2008


Tom Rodman wrote:

> The file "zam" below has slightly unusual windows permissions -
> it does not inherit from it's parent dir, the owner of the
> file has no ACES, another user "staffuser1" has full control.

Is staffuser1 an administrator?  Cygwin opens files using the 'backup'
privilege in order to emulate the POSIX semantics that root can access
any file regardless of permissions.  But of course the backup privilege
requires the user to be an administrator so there's no real privilege
leak, since an administrator can always take ownership of the object and
set an arbitrary dacl.

This started with 1.5.22:
<http://cygwin.com/ml/cygwin-announce/2006-11/msg00034.html>

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list