JehanneOS
/
newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ntsec patch

This commit is contained in:
Christopher Faylor 2003-07-04 01:58:24 +00:00
parent 3d8a75bdbe
commit 8f856553c0
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
winsup/doc/ntsec.sgml
View File

@ -1,6 +1,6 @@
<sect1 id="ntsec"><title>NT security and the <literal>ntsec</literal> usage</title> <sect1 id="ntsec"><title>NT security and the <literal>ntsec</literal> usage</title>
<para>The design goal of the ntsec patch was to get a more UNIX like <para>The design goal of ntsec is to get a more UNIX like
permission structure based upon the security features of Windows NT. permission structure based upon the security features of Windows NT.
To describe the changes, I will give a short overview of NT security To describe the changes, I will give a short overview of NT security
in chapter one.</para> in chapter one.</para>
@ -129,7 +129,7 @@ set </para></listitem>
</itemizedlist> </itemizedlist>
<para>The two important types of ACEs are the `access allowed ACE' and the <para>The two important types of ACEs are the `access allowed ACE' and the
`access denied ACE'. The ntsec patch only used `access allowed ACEs' up `access denied ACE'. The ntsec functionality only used `access allowed ACEs' up
to Cygwin version 1.1.0. Later versions also use `access denied ACEs' to Cygwin version 1.1.0. Later versions also use `access denied ACEs'
to reflect the UNIX permissions as well as possible.</para> to reflect the UNIX permissions as well as possible.</para>
@ -141,7 +141,7 @@ from the write permission.</para>
to objects in a far more specific way. But what about cygwin? In a POSIX to objects in a far more specific way. But what about cygwin? In a POSIX
environment it would be fine to have the security behavior of a POSIX environment it would be fine to have the security behavior of a POSIX
system. The NT security model is MOSTLY able to reproduce the POSIX model. system. The NT security model is MOSTLY able to reproduce the POSIX model.
The ntsec patch tries to do this in cygwin.</para> The ntsec method tries to do this in cygwin.</para>
<para>You ask "Mostly? Why mostly???" Because there's a leak in the NT model. <para>You ask "Mostly? Why mostly???" Because there's a leak in the NT model.
I will describe that in detail in chapter 4.</para> I will describe that in detail in chapter 4.</para>
@ -158,7 +158,7 @@ see only two simple variations in use:</para>
data structure is used, the `security attributes' (SA). This structure data structure is used, the `security attributes' (SA). This structure
contains an SD and a flag that specifies whether the returned handle contains an SD and a flag that specifies whether the returned handle
to the object is inherited to child processes or not. to the object is inherited to child processes or not.
This property is not important for the ntsec patch description so in This property is not important for ntsec so in
this document the difference between SDs and SAs is ignored.</para> this document the difference between SDs and SAs is ignored.</para>
</sect2> </sect2>
@ -168,14 +168,14 @@ this document the difference between SDs and SAs is ignored.</para>
<para>Any process started under control of cygwin has a semaphore attached <para>Any process started under control of cygwin has a semaphore attached
to it, that is used for signaling purposes. The creation of this semaphore to it, that is used for signaling purposes. The creation of this semaphore
can be found in sigproc.cc, function `getsem'. The first parameter to the can be found in sigproc.cc, function `getsem'. The first parameter to the
function call `CreateSemaphore' is an SA. Without ntsec patch this SA function call `CreateSemaphore' is an SA. Without ntsec this SA
assigns default security to the semaphore. There is a simple disadvantage: assigns default security to the semaphore. There is a simple disadvantage:
Only the owner of the process may send signals to it. Or, in other words, Only the owner of the process may send signals to it. Or, in other words,
if the owner of the process is not a member of the administrators' group, if the owner of the process is not a member of the administrators' group,
no administrator may kill the process! This is especially annoying, if no administrator may kill the process! This is especially annoying, if
processes are started via service manager.</para> processes are started via service manager.</para>
<para>The ntsec patch now assigns an SA to the process control semaphore, that <para>Ntsec now assigns an SA to the process control semaphore, that
has each permission set for the user of the process, for the has each permission set for the user of the process, for the
administrators' group and for `system', which is a synonym for the administrators' group and for `system', which is a synonym for the
operating system itself. The creation of this SA is done by the function operating system itself. The creation of this SA is done by the function
@ -234,7 +234,7 @@ in French, etc.), in domains it is named 'Domain Users'. Unfortunately,
the group `None' is never shown in the user admin tool outside of domains! the group `None' is never shown in the user admin tool outside of domains!
This is very confusing but this seems to have no negative consequences.</para> This is very confusing but this seems to have no negative consequences.</para>
<para>To work correctly the ntsec patch depends on the files <para>To work correctly, ntsec depends on the files
<filename>/etc/passwd/</filename> and <filename>/etc/group</filename>. <filename>/etc/passwd/</filename> and <filename>/etc/group</filename>.
In cygwin release 1.0 the names and the IDs must correspond to the In cygwin release 1.0 the names and the IDs must correspond to the
appropriate NT IDs! The IDs used in cygwin are the RID of the NT SID, as appropriate NT IDs! The IDs used in cygwin are the RID of the NT SID, as