This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-0.7
- From: Achim Gratz <Stromeko at nexgo dot de>
- To: cygwin at cygwin dot com
- Date: Thu, 23 Apr 2015 20:44:52 +0200
- Subject: Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-0.7
- Authentication-results: sourceware.org; auth=none
- References: <announce dot 20150417103517 dot GV3657 at calimero dot vinschen dot de> <loom dot 20150421T111734-742 at post dot gmane dot org> <20150421121559 dot GY3657 at calimero dot vinschen dot de> <87a8y15rie dot fsf at Rainer dot invalid> <20150422090440 dot GB3657 at calimero dot vinschen dot de> <877ft480zp dot fsf at Rainer dot invalid> <20150423083446 dot GG3657 at calimero dot vinschen dot de>
Corinna Vinschen writes:
> You may be right here. The problem is that we have two kinds of ACLs
> to handle, the ones created by Windows means, and the ones created
> by recent or older Cygwin versions. It's rather bad that we can't
> distinguish them.
IÂthought that this was the point of the NULL SID ACL entries?
> But then, how do you check an arbitrary ACL for the effective rights
> it creates for all affected parties? I may be missing some API function.
> but I don't see a Windows function generating some kind of effective
> ACL. There's only the function AccessCheck() which gets a token and an
> ACL as input and then tells you the effective rights of the user with
> this token. This gets very slow and complicated, very quickly.
Right.
> I hate to admit defeat, but it also seems that the method I used to
> handle real vs. effective rights just doesn't work as desired. In
> theory we don't want the DENY ACEs having any effect before visiting the
> ALLOW ACEs.
[â]
I don't think the ACL rules on Windows are made for that due to the
early-out aspect of their semantics.
> This needs yet another rewrite, but this will take a lot longer than
> this first cut. I guess we should create a new Cygwin release without
> this new ACL handling change for now to get the bugfixes out.
Yes, getting the fixes out and shelving the ACL part for some
re-thinking seems like a good idea.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Wavetables for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldUserWavetables
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple