Mail Archives: cygwin-developers/1999/08/04/06:10:10
This is a multi-part message in MIME format.
--------------D25C5E0F8D50396741D3AFBE
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi!
I have patched security once again. The worst thing was a free() on
stack memory (Puh!).
ChangeLog:
==========
Thu Aug 4 10:28:00 Corinna Vinschen <corinna AT vinschen DOT de>
* security.cc: Erased MALLOC_CHECK calls.
(lookup_name): New function simplifies the retrieval of user
and group names.
(alloc_sd): Calls `lookup_name' instead of `LookupAccountName'.
`system' gets no special permissions to files anymore.
`administrators' only get restricted permissions instead of
full access.
ACEs are generated only if the permissions are != 0 for that
user/group/other.
* shared.cc (sec_user): Calls `lookup_name' instead of
`LookupAccountName'.
'free`-call on stack space eliminated.
* winsup.h: Declaration for `lookup_name'.
* doc/ntsec.sgml: Adapted.
The permissions to administrators are restricted to the following:
read permissions
take ownership
This behaviour corresponds better to the typical WinNT settings:
No admin should have the right to change my files. Only actions
are allowed where there remains a fingerprint of the `evil-doer'.
A special case is, if I'm logged in as a user with administrators
as primary group. The settings should give more permissions to
the other admins to support better the typical behaviour of NT:
As you know, if one is member of admin group, all her files
are owned by the group instead of by her. This is not the case
with ntsec but the other admins should have easier access to the
administrative files. So in this case the admin group gets the
following permissions:
read permissions
write permissions
write owner
write ea
also in the case, where group permissions are set to 0.
Caution: The primary group is taken from passwd file (as before).
This is more convenient on workstations outside of domains because
the primary NT group is None (513) for each user, including
administrator (500), too. This can only be changed in NT domains.
Best Regards,
Corinna
--------------D25C5E0F8D50396741D3AFBE
Content-Type: application/octet-stream;
name="ntsec-patch9.bz2"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="ntsec-patch9.bz2"
QlpoOTFBWSZTWUuFIEcAEVV/gH92RLhz///////f7v/v//5gGVwBpvvuDavMvYsaypZ17e92
d5nrCAB71HUKoEnQ1zW9uckzdzz1l53Td2uqCi7dBXVa5OjbGnRYaBECZGENJ6JtKaepobQR
o9QGTQAB6gAAAAJTRAICQNTVN6p4ZCnqPTEyn6phGQek0PUAD1ABoADhiNNNBoA0AAAANBkG
mgaADRoAxDQCTSSQQEE2qHplNkyagHtKeKYgyAAAAeoAeoNARJI1T0qe9JqT9GpqfqNJoep6
jRpoaA0aGT1AaNGgDQHqDQAiSJMmgTTRPIjJoyIyaaaU9TzRNNIHqNpHqYmgADTyjTT5BxDt
gCwkkGSd8qsiIinewlUVmTMWVkyIog3ByVKKYmNisVDGWy+H5fzPF+g/b6ml4cZOKPI2KwGL
45Pf+K9CletXzO+mjD+33v/Gs2n1U3TuMs3IKcGQ/Uk1qmvfuIqqojIvl/h5jecWcE9SBw4Q
00Yep5ufdheg6ceBZjKVKs9G714Kb9u3t3NtRUU3s428mr2LYb6Xq6MMRXe9fPrOfmsxUUWt
MuOPD2M7Pruw4cN2uZA6Wp2GvQgoNI07IzGAjKbqGnUF5Lt8OpvgahVTygslJ6CH5/AFOlcs
tt+j2RvDnz6Z7g3JAFZcGZ2qahMDpZ2oK4FKa9hKvZYs1qybJsl5AN22jZNyiqw0YmsmsDI0
crpMMKGRQevlFtN4I8OcFaS/JfiiXpPV00zcLpgLznY2jWi5WNvq679AZ7gn4hAQX5EEkF7A
kIjxQELEYoisOQIQDQyRhtCmigo9s0QRArJNaFFBQUUy1aWxVKGMiSIgskMkxEYjIiEoyrHE
KsbkUCIyKBDwbgMGQ07FpZCDC1aYCrmNMly2tMpalwwxUZcaLYhgtbcpWBkSsHLMgfvD6+vz
W5H/fVTwPL+fbYPwvrlkxMWJ59ahrMcDQBECS7wtL+yK7nPz3cDnGbmrqhHkEoxkQ0xeV6Q1
MuOEx/oskDAdVaA/A9BkmyXXzCAZf7ghey85wY/IcN9ISZDBJQUSSiA5fSRbi9MM3mLAQFN/
J83dyeNBoP2bxXaad9BDBskmqtOqcdXZmZx4z1S2++8hIqvZ79YB3lWkL2RB78fMGpDb5T+o
brUoF/9DpDsDo9cT2kfhDP74Hp4hsNkhf2MoLA9ITuLmyv/i6d/pfLU+bxcCyfU77agWE2aC
/Y0yrjO/Hr/7SU1yWaKaFGhlU7Ow7bUHGZgYPMiXHEFMlRjCiGWsFnIaa1toMnGJN0j12KSL
cohoTHFlyEgkhBNF+wDR5+jUWcyL1ZWUSs3SaqNkHC6xhCaPQG7H8cq0YvvNLzEX3DUCVSGx
pz0Yrlr2u2xhiZs2uPN2DyW6qWqMk28/gLci34EKgng3Pasm54XEYUQSVGUbUUE0ryr19iXv
rkxPjdwwm15kBk2Su9/LGLdv8e05b31yPr3ObPrbuVN6bkZ7yjV/y6WAKpkkzUhhXdQzVNT0
dPdtZq0dWHZnb29GwGtiwLhyWiogukx4rfAFHhok5z3UX0VWzSPWDA7TnpryNtV3UsXeUb9X
ZRD6CM5SPEHVhLoevdk2dMUO8cprrnrw6dtfc24bszE5GRDcacSSnNFETVYoQRRgJgWaSXCa
dDLdkdbkWfTP9IIRs3BSVmQnhr5pBSXTN5kw0CJIBvz1K6+ho/FU4G0FDzp37nf2EnefHS20
gzU0arGCuGHH5DllYqvbbnjnSxATQhQCpGYCTX0h8tOZZ0y25z2djJnkmBi9HGMdQRTJ4xjH
ixsb7pO/OlENz6M2QeBGb0bieAqRHLEk3XFNK5vYPByVod7npV51alH9y1eucUsyndVHrCE1
JjER1mgBlIG/j3uuwCiiuuO6+egXNEugAsxYhygEHz4/ZMNIpthxD16gL/3uHVQ8QgMikISa
Zt9UDb+FBCB9vfPx3FzX6qL2qtZqWRSQjFgh14HgYNhnrsUPlh9n32LWtSndiBdILsM0+qjl
Veo+nQIPxEUukDl113+EklDx8KUM4SdDAIiiiQOMGRagiE8TxfBIggYkUJEYTiPF/ejDdLz4
8HCeF1K/fmp9qO/w1fBpfE2k78EZL+ghav5Crq6ckbvTxCTjPN7iYWTpWbXw+w4CG0RR59qZ
5KCplFxIWN5RMhMYGB4qPTem97/BdjV5puqPoVKZbDi43zaOWaZDtM6RNA/JzA0kLLyPaUZT
s/co9QpNTU6O8hRywVkpvaQ9uiZmolNxQh5SkpjkVndUmVk8Qn+Tj9bvk+YlSQhGIFd+q4/z
zMFX0lQca/HrNofhli++QkTFKFCAHLbu4b+jhe9uWBheSi/aYWDCEwowjD4rlPnwOWeHqPMH
kpdDD9MIYOf7oX7ubys1mZ6rXr4HrhBomPxqx1rfDMaxAKq52UZ2+lzzDmx5mH/5s3waGRwZ
3qlwwBkWrSQxknhafLMabMqUCOEEBwucGZdYw2G9xWUiHBJCTmuXHR2ageryZPQHpqOXGdaU
nEq1d/z2idSyverxEVvOKTrZUpMlek6PMnjfCcuo6e9EE8H3MGfbAsFhU5BxHkUHYUdnHEMQ
evI5dvZ/Bf7nt6QQ5XyuP9c8p8+ZCSQlngnFMvnX513+6Htg9EkO4DzgaQ54H7GjAOIV0R8I
yB5m2ARaCi95GafC/dgjPRgHMGU28MBK8VCxMDUK2kxkJndIQv0BdBKZ2QCICedvG75vUBvS
FQ6QsHsGLmWmlWD5mTcamzp20eBQUjllK/I5Q5ZRamwGGHYLuFGnbUOaOp9qTyHIxphzWlKR
KrPNbFN6SnrKWT49doW3Dc0eU582NBe9rupU3bhHCmV8WpBloEm6H1MPa6x8PINmtQ0qpJaO
9VrrERtKtc9ba4usXTxBZnpOcEpWMMzVvJ8PfFtYyuRwkSrkW3TEYuDJsMrWhPlk8KE+C9mm
rpixfOjviwEkFyhmSnlN4LXyxi85ZgzvlOQGAmDQcve49708ztKTkMgk/3kJloZBuIfbhJL4
z0n3PM8cPwu+ih486AmkyDZ14Z+jt9dDiJqrIiMKDi5lMejYleNdZQCXbSGjK3huYk+VKpBq
mcs7oTdV6RciM5GlnzvDwyTJNk8910jVFuuV8+zwuwhw3usWy2b3Qw3m2YlaqJJ0KS9zQZHD
p9HPLOGR0OowD5fnoUkPpGJiWCxhSsSkPGCQ8oaCfnnjIiQ0lgxHvAgXEChA3j6YGo+/rDjS
BP27mD2MB3FMk8GQHgUSAfyp6gXuphmpyT3CydFT0VYnIMHoj5JqTnDwqV0OUa81LUkneTi8
bHlmufa+o1wB/uA1Uc4A8UUoHFMR+4MFC6iaUDHtQ913dmguM0NRhUWRqMc2y0lhIVJbqkjC
M1njUmaQXUUSJvA2rnogZqex2qcW5s8kDnSl/AQlDCz/gEY8e7AwMJCqhVYSsuPOGwHSfrUT
8UxE7g/8XPi9PnE/tV9zxKgBqEiUYhJghzoZCby6gxUskCK3px3wwA2mZAw/yg+CDyIiwPvA
4pu4O1XyBzYo9FbBz/jgHmJP0D03TwDrUTUJE2I4PMOgzV6pE5F4t+IVEe6DmXDBHyJ7HIF6
PQmhTjpXIspisKQSBzJlT+r4ub9m8nuD19V5D3JqDgonSyEg+daeFA1A7O0DpEgLgnIhBJGK
DwDQomqLi1dSrZDsAwXYk9k+SKJ5tKbV2eILA9bzK3TCCcybQ03S9GuO4CNsXajxL7GJyzUT
qA7XWBmt+CeIDDmEJnptVVddbu9MxKwf86Rd14rIxIkE0kG84Po7PIbNYc81ml4LHSChDapz
lLxa1WS6uCORwCG0S4nsDE8DICgLpn8zfydKYGoIO6Ie304FUwKdgcVObcBeKkflhuX7zFzQ
uP7kFqGwGgEgGdjQ06AN5s/Eb1gIdmgOz4jI+jscx+HyRNqm5Od7noCjCkuFkiHjHu3TqOkz
iXA0+xHWtek5agTsTH4umnp4B6fQB3a1dD1HzahNgZZeFw+FNO55L4gPEfH1Lhup+YQsbULk
CNbF9J13C5RHUG5qMJLbWCYB8T1U7Qdgn5vUeg9viOX3bFEIGHi6U2DEniAE3wnjUSl9MSIQ
KCK/VgGhOSXsCYhT2TeaRFXjuYbpoQO/9vhDUED43X5p6/96K9YHUgJE9nwfa6ia2fOyZD3L
DID7q7w9D53kDi/CO4JWMGQNGjKfaIQi44N2NzdyA8wTdnMHk2S1Ft4WGucQxbRWJbYxgW0Q
lx0XDKwuTaLIzOqDM3CaUq3zP/C4IppQfvg4v170Q1cysbcLkMFGDEaGhgle8QPeBPukPDNE
NInfUYbACyRM7gF+t71G3bvEe6PBROE74H8dmfkGjFYhyzxtEqFPnLSHSlJFJIX476Yh2mFh
Q40rXFslzzbWSwGujPWGGWgbYTwDZjhoO9cl4n2xA5K9UL3vP5bJ5p9O5Ogt4xmES0dJ6q9d
iuemQo3oMTxiDDtjoZN8DFk1waIlBzBSwCyNbltHE5LyQchx7am8gnKpEisTbSBQMGBg5oMg
sDV1l+GfIiBIPCPrYGO/FKJqhIA3DEWSRhzh8GxB5nxTgjtDXvip/oG2s+HABSE6Im8Dy0rB
PxbjexPC0rQ23lUzA2GQ2GTck3IaHBgZVskFgQhcY1NqllLYLgpiwG1wg0Ls1n42MOAiETtb
bwJto0ewBvLjZyK4w5aVjIiMWqBugZbBeeaOPPkwQ0qGD1wP2/t3lrWp4Tu8yxaApCI5Z/Bh
3vj8h6AqHhwRL+C2Gy0SFmh81qI/vPps9rL0OHy/Qd0GCTyu7EeSpWTU9sm4XxMMCmqhE64l
NDuTpN5vEWRZ7OxqzGZOIIEyGWkjaOyitymYiYwlN7QNKzYjjrbekEkEV0cJsoQkycTWsw9m
gJFiblgKtRbhd4fW5GwKXYHuGJb+KDonag5qmHtu2Q+xTZqmNbbB3QxT41JljqxfEXSwaV5y
TAKTAcUwDobmdw+QCppGXMMxjWmleElw2xJqVaQCRal7CZ2qJgrhpjjSkB490vfa6D2XVvFn
Qn0UYFk9h3iAeX0VUxziwhIvdQNoiqTmA0LBkGLNQoHJhCgYDO3aiyr9OrfuC4b24c/Mmh0K
BQjDcgQBjAFkUO4FUl9Lapo9raPTBId3DeG8M0a1w8TJ7g0katp90Q5pGHF6BA6XyuKblYvl
xTNB0voYjnAe9C1qIRJF3a7pZA0Y4sbh6vQ3moerhjAcSbAc/NNryBxCF54eAIZQlUzo6UgP
tfNIb97sbRltGGIGRoQwlxQpLLaPPKU96MisLX0lVPXnLejrbzC2cDTJYobGFByEH1evy3NC
h2k+CJA9EBuMPkoYkDTBYRBA0QsiUOR9vYhew9aaFstjCCGnprYPz5h3+XsLMpqQqSVIpVZn
xYYZqwtzK5ctrgq1h5IcA6nW6zhB/UxjIQQPjYm8NJ7iBXc2jALy+WWIadRx0OnJcpY6kICd
gQ6AXHQbhqEi6jXgjqDEssEuGamtf14vsNFbCKTANOBhgloA8tdOtOsIbQlRB6t53kmZry8i
uhIMOYImJmUjaWAglg6PEmraaR1u5gQnY4Wd4OaTaSy1URVWqlUoc23A3J2edMDe6MqLDjED
61IYAXnQlJ9kD2d7gjmGJpsUdN2CUxoIpvyLFxQr1zephAIp2pigfLnoLaSqQOaj80y4BoCl
NAUIWHatzRz9eGtCGjv0DA18dsN4AoUYOMOpz4jYSS8qHSHF7tMbIBLGYO0ZDBlq3skoU1mv
PTMSQiyZgx1sAuEyU1zJxGPYMkLzIzaVLCNokiWGRGoXEiXG4LNBcD6yoVd2nX3KQ8CAc1u7
h57YGuFETDqDxic4HVbnFN6HMGnFPDUiackYn8LQJ4RA4BmSVKJ2Fs4skDNMBNAru+hW49+o
bhvGbKLWAxN9PSPSuiw5TS6dbE7+0DmzNPHzu1U3CjvNRv2I8H4CcYVGT8n10+ROmHbDOhM4
12qWgiq+O8xuZmxE+ewNdleTLQAFo0e3feRDYjuoPedvFPzgeFl7qknkjaBPAZkwowai85aY
KU5WSYwhxCNAQdAQXBMV7UgmBYvVJIa+ZntHdPa5Zuh4O7uwScO3agsqPpCncD6g06/R6da1
Je9ql4Jv4cwg85A6wXkjg/D+kgRIdTiwYxS4UBijZSQQyjvg+/eMdg57QmH5jIWRkVDLSjnI
k41uTIq7ynqnojrtNbEoGmT92ROsve85ekibjuUXg+fkjbDlhBjhghlV64k+ukyO2QzWYTGN
jDEOxCTsm8eTkA3bcpsnA+FpHvA6A75+UIaGoeo+TN6Cmk6nrXcAZDkB7/bV9wUaFHnp74Bj
DdzCV9ibGg5eqm0Ce8lGHbgwqCw4NZ9HzrQ2YGiEhIQwXetBn0PHyBFMbwhJDD4YGRAfshy6
5XXzh7wwVTPWpNip3ZGyx1gWMcV2oWkkqYITdypORvzC2DoXTrXjQfXHU+PTbECLAxMmzeU8
VE/enIIUVxlBid2ZBQQRkO95crxdbwZ1IQwkQESRIcbCUSQWBqrZcNJcmOaLYgwMcLC2TAsQ
DymqZUYicAyiZoBY85nnQkyVdWNJkOgNRqzts06kycwIfTCQPIjniYjMc1ugfU0IMBAVwQ0Z
AENBZgZkAE0lDMNwAMu0Nnn/eBsHw8SbP0fQDzRB3mzmOuL7yUuvaaj5Ojuq5oxKFTWhD4wS
QYi1A4gmwAPf92IZGrftJJBLE6tima1R88dhzBxcRfgKnHbDr4tBgQL7w8rwuSicWqLV02U8
uIeoIEuVfCfkkihyv0niCg00bDzny7A9MQmnt2J2HG51Qwo+As+OAnNw0G+7/JEYEu6AgGT3
xM+oRMvYeXshR3DubcUwDCsb0V30svXhRBqWgif9/izWnMsOzuz3nKeIKFAk7ONDomH/xdyR
ThQkEuFIEcA=
--------------D25C5E0F8D50396741D3AFBE--
- Raw text -