[ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-0.7

[Achim Gratz]

Corinna Vinschen writes:
> You may be right here.  The problem is that we have two kinds of ACLs
> to handle, the ones created by Windows means, and the ones created
> by recent or older Cygwin versions.  It's rather bad that we can't
> distinguish them.

I thought that this was the point of the NULL SID ACL entries?

> But then, how do you check an arbitrary ACL for the effective rights
> it creates for all affected parties?  I may be missing some API function.
> but I don't see a Windows function generating some kind of effective
> ACL.  There's only the function AccessCheck() which gets a token and an
> ACL as input and then tells you the effective rights of the user with
> this token.  This gets very slow and complicated, very quickly.

Right.

> I hate to admit defeat, but it also seems that the method I used to
> handle real vs. effective rights just doesn't work as desired.  In
> theory we don't want the DENY ACEs having any effect before visiting the
> ALLOW ACEs.
[…]

I don't think the ACL rules on Windows are made for that due to the
early-out aspect of their semantics.

> This needs yet another rewrite, but this will take a lot longer than
> this first cut.  I guess we should create a new Cygwin release without
> this new ACL handling change for now to get the bugfixes out.

Yes, getting the fixes out and shelving the ACL part for some
re-thinking seems like a good idea.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Wavetables for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldUserWavetables

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple