This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Cygwin 1.7 ?


Corinna

 

When will Cygwin 1.7.0 be available for downloading ?

 

I saw the thread below and think I have a similar problem that Cygwin 1.7.0
will fix.

 

I have software that runs under Cygwin and is compiled using gcc.

 

The code works fine under Windows XP but gives the following error under
Windows Vista.

 

*** fatal error - MapViewOfFileEx, Win32 error 487.

 

Also, do you know if there is a quick fix for this problem ?

 

Thanks

 

Terry Koontz

Technology Services Corporation

 

****************************************************************************
***********

 

From: Corinna Vinschen <corinna-cygwin <at> cygwin.com>

Subject: Re: Vista + cygwin basics

Newsgroups: gmane.os.cygwin

Date: 2008-04-21 08:50:01 GMT (7 weeks, 3 days, 7 hours and 37 minutes ago)

 

On Apr 21 00:36, Brian Dessent wrote:

> You can clear this all up with process explorer:

> 

> Unelevated bash shell:

> - user 'brian'

> - IL medium

> - session 1

> - shared memory area \Sessions\1\BaseNamedObjects\cygwin1S4.shared.4

> 

> Elevated bash shell

> - user 'brian'

> - IL high

> - session 1

> - shared memory area \BaseNamedObjects\cygwin1S4.shared.4

> 

> syslog-ng service

> - user 'NT AUTHORITY\SYSTEM'

> - IL System

> - session 0

> - shared memory area \BaseNamedObjects\cygwin1S4.shared.4

> 

> So as you can see, Cygwin tries to create its shared section in the

> global namespace, but doing this requires administrator privileges, so

> it can only do it if elevated (or UAC disabled.)  This explains I think

> everything that you saw.

 

Sorry Brian, but this has only marginally to do with integrity levels.

The real reason for this is the SeCreateGlobalPrivilege introduced with

Windows 2003.  Only administrative users hold this privilege by default,

as well as any process running in terminal server session 0.  Not having

this privile means, you are not allowed to create named shared memory in

the global namespace.  That means, the global shared memory used by

Cygwin can not be created by a non-admin user running in another session

than 0.  You can find more details about this privilege which, IMHO, is

obscurity rather than security, for instance here:

http://msdn2.microsoft.com/en-us/library/aa366537.aspx

 

Up to and including Windows 2003, all console users and all services are

running in TS session 0.  Beginning with Vista, even the console logon

is running in a session != 0 and only the services are running in

session 0.  With UAC enabled, an administrative user running a normal

shell is running it "non-elevated".  For an admin user that means, she

doesn't hold the SeCreateGlobalPrivilege privilege and the user token

contains the administrators group as "deny only".  An elevated shell

("run as administrator") contains the SeCreateGlobalPrivilege privilege.

 

However, that problem will be fixed in 1.7.0 by using something along

the lines of the Vista/Longhorn "Private Namespaces".  So, with 1.7.0

you will see all Cygwin processes again.  Unless, of course, Microsoft

decides to break my new solution with the next Windows version...

 

Corinna

 

-- 

Corinna Vinschen                  Please, send mails regarding Cygwin to

Cygwin Project Co-Leader          cygwin AT cygwin DOT com

Red Hat





--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]