This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

backup privileges [was: [ANNOUNCEMENT] Updated: cygwin-1.5.22-1]

From: Eric Blake <ebb9 at byu dot net>
To: cygwin at cygwin dot com
Date: Wed, 29 Nov 2006 21:53:17 +0000 (UTC)
Subject: backup privileges [was: [ANNOUNCEMENT] Updated: cygwin-1.5.22-1]
References: <announce.20061114101219.GB31134@calimero.vinschen.de>

Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:

> 
> I've made a new version of the Cygwin DLL and associated utilities
> available for download.  This is a bug fix release.  Only one minor
> functional change has been made since 1.5.21-1.  As usual, a list
> of what has changed is below.
> 
...
> 
> - Always open files with backup/restore intent to emulate real "root"
>   access.  Fix access(2) accordingly. (corinna)

This change has some interesting effects, and I think you did the right thing 
by making access(2) reflect what open() is capable of.  But now both the 
findutils and coreutils testsuites report failures, where before this patch 
they were passing, when the testsuite is run by a user in the Administrators 
group.  These failures are spurious, due to the fact that the testsuites are 
making the (IMO unfounded) assumption that it should always be impossible to 
read a file with mode 000.  The coreutils testsuite, at least, recognizes the 
importance of checking in advance which tests of the testsuite must be skipped 
when run by root/non-root entities due to the different semantics that 
privileges outside of the ACL scheme can provide, but obviously did not catch 
all the cases.  But it took me a while to realize that these were testsuite 
bugs and not program bugs.

But it does beg the question of whether it should be configurable whether a 
user WANTS to use backup privileges to bypass ACLs.  It seems like cygwin is 
very often installed by users that happen to have Administrator privileges, but 
who don't know any better that they must be careful (in particular, think of 
home users).  For the same reasons that you don't normally run as root on 
Linux, even when you know the root password, you shouldn't normally be allowing 
yourself extra privileges (like backup/restore intent) in day-to-day work on 
Windows.  Perhaps we should add a switch in the CYGWIN environment variable 
that can be set so that a user with Administrator privileges can still honor 
ACLs rather than behaving like root?

-- 
Eric Blake

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: backup privileges [was: [ANNOUNCEMENT] Updated: cygwin-1.5.22-1]
  - From: Corinna Vinschen

References:
- [ANNOUNCEMENT] Updated: cygwin-1.5.22-1
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]