public inbox for cygwin@cygwin.com
* Necessary To Query SACL Information?
@ 2014-10-13  0:37 Bryan Berns
  2014-10-13  4:04 ` Bryan Berns
  2014-10-13  8:07 ` Corinna Vinschen
  0 siblings, 2 replies; 3+ messages in thread
From: Bryan Berns @ 2014-10-13  0:37 UTC (permalink / raw)
  To: cygwin

I noticed when I launch an executable, Cygwin queries SACL information
on the executable (which I can see in Process Monitor as a
'QuerySecurityFile' operation).  On some of my protected file servers,
this generates a failure audit.  Looking at the source code, I'm going
to guess this might be from the NtQuerySecurityObject call in
security.cc which requests SACL information by asking for
ALL_SECURITY_INFORMATION.  Does Cygwin really need to query this
information? Aside from keeping my audit logs clean, it seems like it
might be an opportunity for optimizing the executable launch process
if Cygwin doesn't really need this (or some of the other information
that ALL_SECURITY_INFORMATION provides).

Thoughts?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


* Re: Necessary To Query SACL Information?
  2014-10-13  0:37 Necessary To Query SACL Information? Bryan Berns
@ 2014-10-13  4:04 ` Bryan Berns
  2014-10-13  8:07 ` Corinna Vinschen
  1 sibling, 0 replies; 3+ messages in thread
From: Bryan Berns @ 2014-10-13  4:04 UTC (permalink / raw)
  To: cygwin

Arg.  Responding to myself.  Apparently ALL_SECURITY_INFORMATION is
internally defined and doesn't contain the flag for SACL information
(so much for being 'ALL').  I'll keep exploring...


* Re: Necessary To Query SACL Information?
  2014-10-13  0:37 Necessary To Query SACL Information? Bryan Berns
  2014-10-13  4:04 ` Bryan Berns
@ 2014-10-13  8:07 ` Corinna Vinschen
  1 sibling, 0 replies; 3+ messages in thread
From: Corinna Vinschen @ 2014-10-13  8:07 UTC (permalink / raw)
  To: cygwin


On Oct 12 20:37, Bryan Berns wrote:
> I noticed when I launch an executable, Cygwin queries SACL information
> on the executable (which I can see in Process Monitor as a
> 'QuerySecurityFile' operation).  On some of my protected file servers,
> this generates a failure audit.  Looking at the source code, I'm going
> to guess this might be from the NtQuerySecurityObject call in
> security.cc which requests SACL information by asking for
> ALL_SECURITY_INFORMATION.  Does Cygwin really need to query this
> information? Aside from keeping my audit logs clean, it seems like it
> might be an opportunity for optimizing the executable launch process
> if Cygwin doesn't really need this (or some of the other information
> that ALL_SECURITY_INFORMATION provides).

As you found out yourself, Cygwin only reads and writes the owner/group
information and the DACL.  Accessing this information is required for
POSIX permission handling, e.g. stat(2), chmod(2), chown(2), acl(2).
Also, creating a file with open(2) requires writing the DACL to create
valid POSIX permissions for a file.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
