From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: Jeffrey Altman <jaltman@secure-endpoints.com>
Cc: cygwin@cygwin.com
Subject: Re: ls/stat on OneDrive causes download of files
Date: Thu, 7 Mar 2024 10:06:51 +0100 [thread overview]
Message-ID: <ZemDq4Qa7NLUJYWj@calimero.vinschen.de> (raw)
In-Reply-To: <7d9fe460-5704-424b-a89b-e34ef2176d38@secure-endpoints.com>
Hi Jeffrey,
apart from the attribute stuff...
On Mar 6 13:55, Jeffrey Altman via Cygwin wrote:
> The default ProcessPlaceholderCompaibilityMode is PHCM_EXPOSE_PLACEHOLDERS
> which makes the FILE_ATTRIBUTE flags and reparse tags visible. Microsoft
> maintains a database of processes for which PHCM_DISGUISE_PLACEHOLDER is set
> which hides that information. Its unclear to me that explicitly setting the
> placeholder compatibility mode is useful.
What I see as a problem here is this:
https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-rtlsetprocessplaceholdercompatibilitymode
Quote:
"Most Windows applications see exposed placeholders by default. For
^^^^
compatibility reasons, Windows may decide that certain applications
^^^^^^^^^^^^^^^^^^
see disguised placeholders by default."
But then again, in other news from Microsoft:
https://learn.microsoft.com/en-us/windows/win32/cfapi/build-a-cloud-file-sync-engine#compatibility-with-applications-that-use-reparse-points
Quote:
"[...] the cloud files API always hides its reparse points from all
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
applications except for sync engines and processes whose main image
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
resides under %systemroot%. Applications that understand reparse
^^^^^^^^^^^^^^^^^^^^^^^^^^^
points correctly can force the platform to expose cloud files API
reparse points using RtlSetProcessPlaceholderCompatibilityMode or
RtlSetThreadProcessPlaceholderCompatibilityMode.
Considering these two statements, it's totally unclear to a process, if
it just defaults to "exposed" or "disguised".
Fortunately we can ask Windows by calling the
RtlQueryProcessPlaceholderCompatibilityMode() function, right?
Lets have a look into the documentation at
https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-rtlqueryprocessplaceholdercompatibilitymode
Quote:
"Return value
This function returns the process's placeholder compatibily mode
(PHCM_xxx), or a negative value on error (PCHM_ERROR_xxx). Contains
one of the following values:
Compatibility Mode Value
PHCM_APPLICATION_DEFAULT 0
PHCM_DISGUISE_PLACEHOLDER 1
PHCM_EXPOSE_PLACEHOLDERS 2
PHCM_MAX 2
PHCM_ERROR_INVALID_PARAMETER -1
PHCM_ERROR_NO_TEB -2"
So I called the function right at the start of the Cygwin DLL, and it
returns the value 0, i. e., PHCM_APPLICATION_DEFAULT.
At this point the process *still* has no idea if placeholders are
exposed or disguised. What a great API! \o/
So, from the above, and if we really want to be sure that placeholders
will be exposed, I don't see any way around calling
RtlSetProcessPlaceholderCompatibilityMode(PHCM_EXPOSE_PLACEHOLDERS)
explicitely at DLL startup.
What do you think?
Thanks,
Corinna
next prev parent reply other threads:[~2024-03-07 9:06 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-06 0:54 Marcin Wisnicki
2024-03-06 13:22 ` Corinna Vinschen
2024-03-06 13:28 ` Corinna Vinschen
2024-03-06 13:54 ` Brian Inglis
2024-03-06 17:19 ` Corinna Vinschen
2024-03-06 18:55 ` Jeffrey Altman
2024-03-06 19:14 ` Corinna Vinschen
2024-03-07 9:06 ` Corinna Vinschen [this message]
2024-03-08 10:37 ` Corinna Vinschen
2024-03-08 12:52 ` Thomas Wolff
2024-03-08 13:15 ` Jeffrey Altman
2024-03-08 13:56 ` Corinna Vinschen
2024-03-08 22:21 ` Corinna Vinschen
2024-03-08 22:26 ` Marcin Wisnicki
2024-03-09 20:29 ` Marcin Wisnicki
2024-03-11 17:04 ` Corinna Vinschen
2024-03-06 19:00 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZemDq4Qa7NLUJYWj@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin@cygwin.com \
--cc=jaltman@secure-endpoints.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).