Loading ...
Sorry, an error occurred while loading the content.

27590Re: Win32 ACLs unreliable.

Expand Messages
  • Bram Moolenaar
    Mar 3, 2002
    • 0 Attachment
      Mike Williams wrote:

      > Looking into some problem reports to do with Windows ACL checks, it
      > seems that the NT high level security functions are very buggy and the
      > only thing the OS service packs do is change the current set of bugs.
      > Google turns up a nice list of problems for all major NT releases it
      > seems.

      That's disappointing.

      > The only reliable approach to ACL handling seems to be to get down and
      > dirty with the low level system calls. A quick Google search has
      > turned up the following page as having sample code that could be used
      > as a basis for rewriting the ACL checking:
      >
      > http://mvps.org/win32/security/fksec.html
      >
      > Until I (or someone else) gets a chance to review this and reimplement
      > the relevant bits in C (it's in C++) I recommend that Yet Another
      > Option (TM - V.Negri) is added to turn off ACL checking that users can
      > use if they experience problems. Not a full solution but at least
      > that should prevent a large number of complaints.

      I don't like adding an option for this. It's not a real solution, it
      just shifts the problem towards the user.

      How about an alternative: Can we try writing to the file to find out if
      it's writable? Opening the file for appending should not change the
      file in any way. The possible side effect is that the timestamp of the
      file changes when you edit it with Vim.

      This should at least be restricted to file systems that have ACL
      capabilities.

      Alternatively, we can assume all files on ACL'ed file systems are
      writable, since mostly people complain if a file is marked read-only
      while its actually writable.

      --
      A meeting is an event at which the minutes are kept and the hours are lost.

      /// Bram Moolenaar -- Bram@... -- http://www.moolenaar.net \\\
      /// Creator of Vim -- http://vim.sf.net -- ftp://ftp.vim.org/pub/vim \\\
      \\\ Project leader for A-A-P -- http://www.a-a-p.org ///
      \\\ Help me helping AIDS orphans in Uganda - http://iccf-holland.org ///
    • Show all 11 messages in this topic