[Patch] *** CreateFileMapping, Win32 error 5. Terminating.
Pierre A. Humblet
pierre@phumblet.no-ip.org
Thu Oct 16 15:48:00 GMT 2003
Corinna Vinschen wrote:
>
> On Wed, Oct 15, 2003 at 10:22:35PM -0400, Pierre A. Humblet wrote:
> > 2003-10-15 Pierre Humblet <pierre.humblet@ieee.org>
> >
> > * syscalls.cc (seteuid32): Always construct a default DACL including
> > the new sid, Admins and SYSTEM and copy it to the new thread token.
> > * security.cc (create_token): Use a NULL default DACL in NtCreateToken.
>
> I assume you have tested it also with an external token, don't you?
> I'm a bit concerned that the code also tries to modify the external
> token. Is that actually unavoidable? Isn't the problem just a
> typical problem of a self-created token?
Yes it has been tested with an external token. We already touch the owner
and primary group of the external tokens, the dacl is just another item.
It's needed with external tokens to handle the following type of cases.
A user in the admins group telnets into the box, creating a file
mapping with access by admins and system, but not by his sid (without the
patch).
While he is logged in, some service (exim, proftp...) creates a
setgroups(0, NULL) + seteuid() process. That process may not be able
the access the file mapping (without the patch).
Pierre
More information about the Cygwin-patches
mailing list