[ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-0.7
Achim Gratz
Stromeko@nexgo.de
Thu Apr 23 18:45:00 GMT 2015
Corinna Vinschen writes:
> You may be right here. The problem is that we have two kinds of ACLs
> to handle, the ones created by Windows means, and the ones created
> by recent or older Cygwin versions. It's rather bad that we can't
> distinguish them.
I thought that this was the point of the NULL SID ACL entries?
> But then, how do you check an arbitrary ACL for the effective rights
> it creates for all affected parties? I may be missing some API function.
> but I don't see a Windows function generating some kind of effective
> ACL. There's only the function AccessCheck() which gets a token and an
> ACL as input and then tells you the effective rights of the user with
> this token. This gets very slow and complicated, very quickly.
Right.
> I hate to admit defeat, but it also seems that the method I used to
> handle real vs. effective rights just doesn't work as desired. In
> theory we don't want the DENY ACEs having any effect before visiting the
> ALLOW ACEs.
[…]
I don't think the ACL rules on Windows are made for that due to the
early-out aspect of their semantics.
> This needs yet another rewrite, but this will take a lot longer than
> this first cut. I guess we should create a new Cygwin release without
> this new ACL handling change for now to get the bugfixes out.
Yes, getting the fixes out and shelving the ACL part for some
re-thinking seems like a good idea.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Wavetables for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldUserWavetables
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list