This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Necessary To Query SACL Information?


I noticed when I launch an executable, Cygwin queries SACL information
on the executable (which I can see in Process Monitor as a
'QuerySecurityFile' operation).  On some of my protected file servers,
this generates a failure audit.  Looking at the source code, I'm going
to guess this might be from the NtQuerySecurityObject call in
security.cc which requests SACL information by asking for for
ALL_SECURITY_INFORMATION.  Does Cygwin really need to query this
information? Aside from keeping my audit logs clean, it seems like it
might be an opportunity for optimizing the executable launch process
if Cygwin doesn't really need this (or some of the other information
that ALL_SECURITY_INFORMATION provides).

Thoughts?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]