This is the mail archive of the cygwin mailing list for the Cygwin project.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
On Oct 12 20:37, Bryan Berns wrote: > I noticed when I launch an executable, Cygwin queries SACL information > on the executable (which I can see in Process Monitor as a > 'QuerySecurityFile' operation). On some of my protected file servers, > this generates a failure audit. Looking at the source code, I'm going > to guess this might be from the NtQuerySecurityObject call in > security.cc which requests SACL information by asking for for > ALL_SECURITY_INFORMATION. Does Cygwin really need to query this > information? Aside from keeping my audit logs clean, it seems like it > might be an opportunity for optimizing the executable launch process > if Cygwin doesn't really need this (or some of the other information > that ALL_SECURITY_INFORMATION provides). As you found out yourself, Cygwin only reads and writes the owner/group information and the DACL. Accessing this information is required for POSIX permission handling, e.g. stat(2), chmod(2), chown(2), acl(2). Also, creating a file with open(2) requires to write the DACL to create valid POSIX permissions for a file. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat
Attachment:
pgp97FsslNKV7.pgp
Description: PGP signature
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |