From 8f856553c01d756ca8fdd5a53139f433514dad74 Mon Sep 17 00:00:00 2001 From: Christopher Faylor Date: Fri, 4 Jul 2003 01:58:24 +0000 Subject: [PATCH] ntsec patch --- winsup/doc/ntsec.sgml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/winsup/doc/ntsec.sgml b/winsup/doc/ntsec.sgml index 1daecb5ff..0a5fe42a8 100644 --- a/winsup/doc/ntsec.sgml +++ b/winsup/doc/ntsec.sgml @@ -1,6 +1,6 @@ NT security and the <literal>ntsec</literal> usage -The design goal of the ntsec patch was to get a more UNIX like +The design goal of ntsec is to get a more UNIX like permission structure based upon the security features of Windows NT. To describe the changes, I will give a short overview of NT security in chapter one. @@ -129,7 +129,7 @@ set The two important types of ACEs are the `access allowed ACE' and the -`access denied ACE'. The ntsec patch only used `access allowed ACEs' up +`access denied ACE'. The ntsec functionality only used `access allowed ACEs' up to Cygwin version 1.1.0. Later versions also use `access denied ACEs' to reflect the UNIX permissions as well as possible. @@ -141,7 +141,7 @@ from the write permission. to objects in a far more specific way. But what about cygwin? In a POSIX environment it would be fine to have the security behavior of a POSIX system. The NT security model is MOSTLY able to reproduce the POSIX model. -The ntsec patch tries to do this in cygwin. +The ntsec method tries to do this in cygwin. You ask "Mostly? Why mostly???" Because there's a leak in the NT model. I will describe that in detail in chapter 4. @@ -158,7 +158,7 @@ see only two simple variations in use: data structure is used, the `security attributes' (SA). This structure contains an SD and a flag that specifies whether the returned handle to the object is inherited to child processes or not. -This property is not important for the ntsec patch description so in +This property is not important for ntsec so in this document the difference between SDs and SAs is ignored. @@ -168,14 +168,14 @@ this document the difference between SDs and SAs is ignored. Any process started under control of cygwin has a semaphore attached to it, that is used for signaling purposes. The creation of this semaphore can be found in sigproc.cc, function `getsem'. The first parameter to the -function call `CreateSemaphore' is an SA. Without ntsec patch this SA +function call `CreateSemaphore' is an SA. Without ntsec this SA assigns default security to the semaphore. There is a simple disadvantage: Only the owner of the process may send signals to it. Or, in other words, if the owner of the process is not a member of the administrators' group, no administrator may kill the process! This is especially annoying, if processes are started via service manager. -The ntsec patch now assigns an SA to the process control semaphore, that +Ntsec now assigns an SA to the process control semaphore, that has each permission set for the user of the process, for the administrators' group and for `system', which is a synonym for the operating system itself. The creation of this SA is done by the function @@ -234,7 +234,7 @@ in French, etc.), in domains it is named 'Domain Users'. Unfortunately, the group `None' is never shown in the user admin tool outside of domains! This is very confusing but this seems to have no negative consequences. -To work correctly the ntsec patch depends on the files +To work correctly, ntsec depends on the files /etc/passwd/ and /etc/group. In cygwin release 1.0 the names and the IDs must correspond to the appropriate NT IDs! The IDs used in cygwin are the RID of the NT SID, as