* highlights.xml: Rearrange itemizedlist markup slightly.

* new-features.xml (ov-new1.7.33): Add setfacl -b option.
* utils.xml (setfacl): Ditto.
Corinna Vinschen 2014-10-27 10:34:17 +00:00
parent 8170e43b48
commit f1271e19c3
4 changed files with 29 additions and 10 deletions

@ -1,3 +1,9 @@
2014-10-27 Corinna Vinschen <corinna@vinschen.de>
* highlights.xml: Rearrange itemizedlist markup slightly.
* new-features.xml (ov-new1.7.33): Add setfacl -b option.
* utils.xml (setfacl): Ditto.
2014-10-24 Luke Kendall <luke.kendall@cisra.canon.com.au> 2014-10-24 Luke Kendall <luke.kendall@cisra.canon.com.au>
* ntsec.xml: More language and typo fixes. * ntsec.xml: More language and typo fixes.

@ -245,8 +245,9 @@ support for cloning address space between processes and several
features actively undermine a reliable <literal>fork</literal> features actively undermine a reliable <literal>fork</literal>
implementation. Three issues are especially prevalent:</para> implementation. Three issues are especially prevalent:</para>
<para><itemizedlist> <itemizedlist mark="bullet">
<listitem>DLL base address collisions. Unlike *nix shared
<listitem><para>DLL base address collisions. Unlike *nix shared
libraries, which use "position-independent code", Windows shared libraries, which use "position-independent code", Windows shared
libraries assume a fixed base address. Whenever the hard-wired libraries assume a fixed base address. Whenever the hard-wired
address ranges of two DLLs collide (which occurs quite often), the address ranges of two DLLs collide (which occurs quite often), the
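Review bot: the `mark="bullet"` attribute added on the `<itemizedlist>` opening tag is a presentation change rather than a rearrangement, and the ChangeLog entry ("Rearrange itemizedlist markup slightly") does not mention it. Either drop the attribute if the stylesheet already defaults to bullets, or name it in the ChangeLog. Removing the wrapping `<para>` here is only well-formed together with the removal of the trailing `</para>` after `</itemizedlist>` further down, so these hunks need to stay in one commit.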
@ -259,18 +260,18 @@ statically-linked dlls (dependencies known at compile time) are
resolved before <literal>cygwin1.dll</literal> initializes and resolved before <literal>cygwin1.dll</literal> initializes and
cannot be fixed afterward. This problem can only be solved by cannot be fixed afterward. This problem can only be solved by
removing the base address conflicts which cause the problem, removing the base address conflicts which cause the problem,
usually using the <literal>rebaseall</literal> tool.</listitem> usually using the <literal>rebaseall</literal> tool.</para></listitem>
<listitem>Address space layout randomization (ASLR). Starting with <listitem><para>Address space layout randomization (ASLR). Starting with
Vista, Windows implements ASLR, which means that thread stacks, Vista, Windows implements ASLR, which means that thread stacks,
heap, memory-mapped files, and statically-linked dlls are placed heap, memory-mapped files, and statically-linked dlls are placed
at different (random) locations in each process. This behaviour at different (random) locations in each process. This behaviour
interferes with a proper <literal>fork</literal>, and if an interferes with a proper <literal>fork</literal>, and if an
unmovable object (process heap or system dll) ends up at the wrong unmovable object (process heap or system dll) ends up at the wrong
location, Cygwin can do nothing to compensate (though it will location, Cygwin can do nothing to compensate (though it will
retry a few times automatically).</listitem> retry a few times automatically).</para></listitem>
<listitem>DLL injection by <listitem><para>DLL injection by
<ulink url="http://cygwin.com/faq/faq.html#faq.using.bloda"> <ulink url="http://cygwin.com/faq/faq.html#faq.using.bloda">
BLODA</ulink>. Badly-behaved applications which BLODA</ulink>. Badly-behaved applications which
inject dlls into other processes often manage to clobber important inject dlls into other processes often manage to clobber important
@ -279,7 +280,9 @@ collisions which rebasing cannot fix. The only way to resolve this
problem is to remove (usually uninstall) the offending app. See problem is to remove (usually uninstall) the offending app. See
<xref linkend="cygwinenv-implemented-options"></xref> for the <xref linkend="cygwinenv-implemented-options"></xref> for the
<literal>detect_bloda</literal> option, which may be able to identify the <literal>detect_bloda</literal> option, which may be able to identify the
BLODA.</listitem></itemizedlist></para> BLODA.</para></listitem>
</itemizedlist>
<para>In summary, current Windows implementations make it <para>In summary, current Windows implementations make it
impossible to implement a perfectly reliable fork, and occasional impossible to implement a perfectly reliable fork, and occasional

@ -15,6 +15,11 @@ without having to create /etc/passwd and /etc/group files. Introduce
/etc/nsswitch.conf file to configure passwd/group handling. /etc/nsswitch.conf file to configure passwd/group handling.
</para> </para>
<listitem><para>
Add -b/--remove-all option to setfacl to reduce the ACL to only the entries
representing POSIX permission bits.
</para></listitem>
<para> <para>
For bordercase which require to use /etc/passwd and /etc/group files, For bordercase which require to use /etc/passwd and /etc/group files,
change mkpasswd/mkgroup to generate passwd/group entries compatible with change mkpasswd/mkgroup to generate passwd/group entries compatible with
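Review bot: the new `<listitem>` is inserted between a `</para>` and a `<para>` with no `</listitem>` or `<listitem>` in the surrounding context, so it appears to land inside the passwd/group list item rather than after it. If the "For bordercase ..." paragraph is the second paragraph of that same item, this nests a `<listitem>` directly inside a `<listitem>`, which is not valid DocBook, and it splits the passwd/group text in two. Move the added block below the `</para></listitem>` that closes the passwd/group entry.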

@ -1683,11 +1683,13 @@ Example: regtool.exe get '\user\software\Microsoft\Clock\iFormat'
<title>setfacl</title> <title>setfacl</title>
<screen> <screen>
Usage: setfacl [-r] (-f ACL_FILE | -s acl_entries) FILE... Usage: setfacl [-r] {-f ACL_FILE | -s acl_entries} FILE...
setfacl [-r] ([-d acl_entries] [-m acl_entries]) FILE... setfacl [-r] {-b|[-d acl_entries] [-m acl_entries]} FILE...
Modify file and directory access control lists (ACLs) Modify file and directory access control lists (ACLs)
-b, --remove-all remove all extended ACL entries
-d, --delete delete one or more specified ACL entries -d, --delete delete one or more specified ACL entries
-f, --file set ACL entries for FILE to ACL entries read -f, --file set ACL entries for FILE to ACL entries read
from a ACL_FILE from a ACL_FILE
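Review bot: in the second usage line, `{-b|[-d acl_entries] [-m acl_entries]}` makes `-b` an alternative to `-d`/`-m`, but neither the option list nor the `-b` description says that `-b` cannot be combined with them. Because both members of the second alternative are optional, the braces also admit an empty choice, which the "At least one of" line rules out. State the exclusivity in the `-b` text (or remove it from the synopsis if combining is allowed), and write the separator as ` | ` with spaces, as on the first usage line.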
@ -1699,7 +1701,7 @@ Modify file and directory access control lists (ACLs)
-h, --help output usage information and exit -h, --help output usage information and exit
-V, --version output version information and exit -V, --version output version information and exit
At least one of (-d, -f, -m, -s) must be specified At least one of (-b, -d, -f, -m, -s) must be specified
</screen> </screen>
<para> For each file given as parameter, <command>setfacl</command> will <para> For each file given as parameter, <command>setfacl</command> will
@ -1733,6 +1735,9 @@ At least one of (-d, -f, -m, -s) must be specified
<para> The following options are supported: </para> <para> The following options are supported: </para>
<para> <literal>-b</literal> Remove all extended ACL entries. The base
ACL entries of the owner, group and others are retained.</para>
<para> <literal>-d</literal> Delete one or more specified entries from the <para> <literal>-d</literal> Delete one or more specified entries from the
file's ACL. The owner, group and others entries must not be deleted. file's ACL. The owner, group and others entries must not be deleted.
Acl_entries to be deleted should be specified without permissions, as in Acl_entries to be deleted should be specified without permissions, as in
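Review bot: the `-b` paragraph says the owner, group and others entries are retained but does not say what happens to the mask entry or to default (inheritable) entries on a directory, which is what someone using `-b` to reduce a tree to plain permission bits needs to know. new-features.xml words the same option differently ("only the entries representing POSIX permission bits"); pick one wording and spell out in this paragraph which entry types are removed.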