On Mon, May 13, 2002 at 11:25:09PM -0400, Pierre A. Humblet wrote: > Hello Corinna, > > This is the third installment. It fixes: > 1) non-cygwin child processes always get the correct primary group > 2) tighter check of whether an existing token should be reused > 3) impersonated tasks now have access to their own token
What applications did you use for testing? Just curious... > There is another set of changes I'd like to make to address > two issues: > [...] > I don't know the history and motivation of this design, but > it doesn't seem that clean. I would propose instead one of It is not that clean but the history is only a rudimentary support of groups at all. It was difficult enough to learn how to change user context w/o password at all and how to manipulate a token in a useful way. No doubt, it's somewhat unclean. > 1) when ntsec is off, setuid() succeeds while doing almost nothing. > The danger is that a privileged process will never give up > its privileges. > 2) setuid() and setgid() return in error on NT if ntsec isn't set. > 3) no matter ntsec, setuid() / setgid() behave basically as they do > today when ntsec is set. They fail if the passwd file doesn't contain SIDs. > I would vote for 3, not seeing the advantage of 2. > What's your opinion? I agree. 3) is the way to go. I've no example handy but switching to 2) might break apps which work fine on the commandline otherwise. I'm looking through your patches (including your today's security.cc update). I will apply them perhaps tomorrow, trying to understand them first. Thanks, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:[EMAIL PROTECTED] Red Hat, Inc.
