This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: ntsec change needed to read one of my partitions
At 11:28 PM 11/24/2003 -0500, Christopher Faylor wrote:
>On Mon, Nov 24, 2003 at 11:06:16PM -0500, Pierre A. Humblet wrote:
>>>FWIW, the size returned by read_sd was 4144 so bumping things up to
>>>8192 was probably overkill.
>>
>>4144 IS very strange, way high.
>>What does cacls report?
>
> k:\ BUILTIN\Administrators:(OI)(CI)F
> NT AUTHORITY\SYSTEM:(OI)(CI)F
> CREATOR OWNER:(OI)(CI)(IO)F
> BUILTIN\Users:(OI)(CI)R
> BUILTIN\Users:(CI)(special access:)
> FILE_APPEND_DATA
>
> BUILTIN\Users:(CI)(IO)(special access:)
> FILE_WRITE_DATA
>
> Everyone:R
That's 7 ACE's, each with a short SID. Ballpark size
should be < 200 bytes. Something weird is going on.
Also CREATOR OWNER:(OI)(CI)(IO)F
doesn't match default:user::---
We may be forgetting flags such as GENERIC_XYZ
It surely would be interesting to dump the sd_buf
from gdb. I don't doubt that Corinna would look forward
to decode all 4144 bytes.
I vaguely recall seeing a strange sentence on MSDN, to the
effect that extra info can be hidden after the SID in an ACE.
I wonder if something like that is going on, or if there is
just a lot of garbage in the tail of the DACL.
The max size of an ACL is 64k, and the SD is perhaps a 100
more. Should we just bite the bullet and go there?
Pierre