Hi, all. A user sent a message to the or-talk mailing list about Windows ACL issues in libevent; I'm passing along the relevant excerpts in case they help.

----- Forwarded message from Lee Fisher <[EMAIL PROTECTED]> -----

[...]

I notice that NULL ACLs are being used. Libevent's win32-code/misc.c's socketpair() calls CreateNamedPipe() and CreateFile(), both of which have their last parameter, lpSecurityAttributes, set to NULL. With no ACL, the process gets the default ACL. I believe this means that multiple user groups get write access, and Everyone gets read access when NULL is specified as the ACL (forcing the default ACL with appropriate ACEs).

Also, socketpair() calls SetNamedPipeHandleState() but doesn't check the return code; not ACL-related, but it should be fixed.

[...]

CreateNamedPipe excerpt:

-----snip-----
If lpSecurityAttributes is NULL, the named pipe gets a default security descriptor and the handle cannot be inherited. The ACLs in the default security descriptor for a named pipe grant full control to the LocalSystem account, administrators, and the creator owner. They also grant read access to members of the Everyone group and the anonymous account.
-----snip-----

CreateNamedPipe excerpt:

-----snip-----
To create an instance of a named pipe by using CreateNamedPipe, the user must have FILE_CREATE_PIPE_INSTANCE access to the named pipe object. If a new named pipe is being created, the access control list (ACL) from the security attributes parameter defines the discretionary access control for the named pipe.
-----snip-----

CreateFile excerpt:

-----snip-----
For backward compatibility purposes, CreateFile does not apply Windows 2000 inheritance rules when you specify a security descriptor in lpSecurityAttributes. To support inheritance on Windows 2000 and later, APIs that later query the security descriptor of this object may heuristically determine and report that inheritance is in effect. See Automatic Propagation of Inheritable ACEs for more information about inheritance rules in Windows 2000 and later operating systems, and how they differ from previous versions of Windows.
-----snip-----

----- End forwarded message -----

--
Nick Mathewson
_______________________________________________
Libevent-users mailing list
Libevent-users@monkey.org
http://monkey.org/mailman/listinfo/libevent-users
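
An added example, not part of the original message and not libevent's code: one way to pass an explicit DACL to CreateNamedPipe() instead of NULL, keeping the full-control entries the quoted documentation lists and omitting the Everyone/anonymous read entries, and to check the SetNamedPipeHandleState() result. The names `build_pipe_sddl` and `create_restricted_pipe` are hypothetical, the caller is assumed to supply the creating user's SID string, and the Windows-only part compiles only under `_WIN32`.

```c
/* Added example; function names are hypothetical, not libevent's. */
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#endif

/* Build an SDDL DACL granting full control to LocalSystem ("SY"),
 * Administrators ("BA") and the given user only. Returns 0 on success. */
int build_pipe_sddl(const char *user_sid, char *out, size_t outlen)
{
    const char *tail;
    int n;
    /* Accept only "S-1-" plus digits and dashes, so the SID string
     * cannot smuggle extra ACEs into the descriptor. */
    if (user_sid == NULL || strncmp(user_sid, "S-1-", 4) != 0)
        return -1;
    tail = user_sid + 4;
    if (*tail == '\0' || strspn(tail, "0123456789-") != strlen(tail))
        return -1;
    n = snprintf(out, outlen, "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;%s)",
                 user_sid);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

#ifdef _WIN32
/* Create the pipe with the explicit DACL instead of NULL attributes. */
HANDLE create_restricted_pipe(const char *name, const char *user_sid)
{
    char sddl[256];
    SECURITY_ATTRIBUTES sa = { sizeof(sa), NULL, FALSE };
    DWORD mode = PIPE_READMODE_BYTE | PIPE_WAIT;
    HANDLE h;
    if (build_pipe_sddl(user_sid, sddl, sizeof(sddl)) != 0 ||
        !ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL))
        return INVALID_HANDLE_VALUE;
    h = CreateNamedPipeA(name, PIPE_ACCESS_DUPLEX, PIPE_TYPE_BYTE | PIPE_WAIT,
                         1, 4096, 4096, 0, &sa);
    LocalFree(sa.lpSecurityDescriptor);
    /* Check SetNamedPipeHandleState's result rather than ignoring it. */
    if (h != INVALID_HANDLE_VALUE &&
        !SetNamedPipeHandleState(h, &mode, NULL, NULL)) {
        CloseHandle(h);
        return INVALID_HANDLE_VALUE;
    }
    return h;
}
#endif
```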