This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: security.cc: bug report, question and suggestion


On Sat, Dec 29, 2001 at 03:23:01PM -0500, Pierre A. Humblet wrote:
> Bug in security.cc:
> 
> The intent of open_local_policy() is to return an INVALID
> handle if the call to LsaOpenPolicy() fails. Unfortunately
> the failed call changes the value of lsa. The fix is obvious.

Thanks for the heads up.  I've checked in a patch.
> 
> Breakpoint 3, open_local_policy () at /src/winsup/cygwin/security.cc:183
> 184       LSA_HANDLE lsa = INVALID_HANDLE_VALUE;
> (gdb) s
> 186       NTSTATUS ret = LsaOpenPolicy(NULL, &oa, POLICY_ALL_ACCESS, &lsa);
> (gdb) p lsa
> [...]
> Question:
> is the Policy Object only accessible by administrators 
> or is there some ACL that can be set? I was unable
> to find info on the Microsoft site.

AFAIK, it's accessible by everyone but it's only changable
by administrators.  I've checked in a patch so that the
call to LsaOpenPolicy() only requests the needed user rights.

> Suggestion
> In cygrunsrv.README, could you add that the user specified
> with -u must have the "Logon as a service" privilege?

Done.  But I will not upload a new version of cygrunsrv just for
a change to the README.

Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]