[RFC] Handle process token groups in server/file.c::sd_to_mode
Rob Shearman
robertshearman at gmail.com
Mon Nov 16 10:24:14 CST 2009
2009/11/16 Ben Peddell <klightspeed at netspace.net.au>:
> This proposed patch (which I believe will contribute toward solving bugs
> 17672, 19588 and 20643, and any others where the permissions are set too
> restrictive) exposes the token_sid_present call in token.c,
> and uses it to check the SIDs in the security descriptor against those
> in the process token.
>
> Are there any changes anyone can think of before I submit it to
> wine-patches?
>
> Is there a better (already exposed) way of checking a SID against the
> process token's group list?
Hi Ben,
While I agree that there is a problem that needs to be fixed, I'm not
sure this is the right approach. I think you need to take a step back
and consider the meanings of the different SIDs in a token by default
and how they map wine running inside the Unix permissions model. For
example, maybe these mappings make sense:
security_local_sid -> user + group + others
security_interactive_sid -> user + group + others
alias_users_sid -> user + group + others?
Now it's likely that the bugs you are trying to fix are trying to set
the SD for a file to alias_admins_sid or alias_users_sid. The mapping
for alias_admins_sid is less clear - one could argue that all Wine
users on a given system would present themselves as admins to apps,
but then again the apps may be restricting permissions on a file
because it contains sensitive data and should only be shared with
other admins (which would be trusted as such, unlike other users on a
system).
--
Rob Shearman
More information about the wine-devel
mailing list