Loading ...
Sorry, an error occurred while loading the content.

Win32 ACLs unreliable.

Expand Messages
  • Mike Williams
    Hi peeps, Looking into some problem reports to do with Windows ACL checks, it seems that the NT high level security functions are very buggy and the only thing
    Message 1 of 11 , Mar 3, 2002
    • 0 Attachment
      Hi peeps,

      Looking into some problem reports to do with Windows ACL checks, it seems that the
      NT high level security functions are very buggy and the only thing the OS service
      packs do is change the current set of bugs. Google turns up a nice list of problems
      for all major NT releases it seems.

      The only reliable approach to ACL handling seems to be to get down and dirty with
      the low level system calls. A quick Google search has turned up the following page as
      having sample code that could be used as a basis for rewriting the ACL checking:

      http://mvps.org/win32/security/fksec.html

      Until I (or someone else) gets a chance to review this and reimplement the relevant
      bits in C (it's in C++) I recommend that Yet Another Option (TM - V.Negri) is added to
      turn off ACL checking that users can use if they experience problems. Not a full
      solution but at least that should prevent a large number of complaints.

      Mike
      --
      Help! Someone turned reality back on.
    • Bram Moolenaar
      ... That s disappointing. ... I don t like adding an option for this. It s not a real solution, it just shifts the problem towards the user. How about an
      Message 2 of 11 , Mar 3, 2002
      • 0 Attachment
        Mike Williams wrote:

        > Looking into some problem reports to do with Windows ACL checks, it
        > seems that the NT high level security functions are very buggy and the
        > only thing the OS service packs do is change the current set of bugs.
        > Google turns up a nice list of problems for all major NT releases it
        > seems.

        That's disappointing.

        > The only reliable approach to ACL handling seems to be to get down and
        > dirty with the low level system calls. A quick Google search has
        > turned up the following page as having sample code that could be used
        > as a basis for rewriting the ACL checking:
        >
        > http://mvps.org/win32/security/fksec.html
        >
        > Until I (or someone else) gets a chance to review this and reimplement
        > the relevant bits in C (it's in C++) I recommend that Yet Another
        > Option (TM - V.Negri) is added to turn off ACL checking that users can
        > use if they experience problems. Not a full solution but at least
        > that should prevent a large number of complaints.

        I don't like adding an option for this. It's not a real solution, it
        just shifts the problem towards the user.

        How about an alternative: Can we try writing to the file to find out if
        it's writable? Opening the file for appending should not change the
        file in any way. The possible side effect is that the timestamp of the
        file changes when you edit it with Vim.

        This should at least be restricted to file systems that have ACL
        capabilities.

        Alternatively, we can assume all files on ACL'ed file systems are
        writable, since mostly people complain if a file is marked read-only
        while its actually writable.

        --
        A meeting is an event at which the minutes are kept and the hours are lost.

        /// Bram Moolenaar -- Bram@... -- http://www.moolenaar.net \\\
        /// Creator of Vim -- http://vim.sf.net -- ftp://ftp.vim.org/pub/vim \\\
        \\\ Project leader for A-A-P -- http://www.a-a-p.org ///
        \\\ Help me helping AIDS orphans in Uganda - http://iccf-holland.org ///
      • Vince Negri
        ... I d go with this. It s much less irritating to occasionally get a warning when trying to save a file which is actually read-only (from ACLs) but Vim
        Message 3 of 11 , Mar 4, 2002
        • 0 Attachment
          On 03 Mar 2002, 12:15 Bram Moolenaar wrote:
          > Alternatively, we can assume all files on ACL'ed file systems are
          > writable, since mostly people complain if a file is marked read-only
          > while its actually writable.

          I'd go with this. It's much less irritating to occasionally get a
          warning when trying to save a file which is actually read-only (from
          ACLs) but Vim thought was writeable, than to be told a writeable file
          is read-only.

          BTW, the editor in Visual Studio isn't ACL-aware and neither is that
          in C++ Builder, so while reliable ACL support would be nice, its
          absence isn't something that heinous (at least on MS Windows
          platforms)

          --
          Vince Negri (vnegri@...) The Man with no Mouse
          Money doesn't buy you happiness but it gets you to the front of the queue.
        • Mike Williams
          ... Until we write a replacement for GetEffectiveRightsFromAcl() - admittedly not a nice solution as this could be a fair amount of code. ... Maybe, I ll
          Message 4 of 11 , Mar 4, 2002
          • 0 Attachment
            On 3 Mar 2002 at 13:15, Bram Moolenaar wrote:

            > > The only reliable approach to ACL handling seems to be to get down and
            > > dirty with the low level system calls. A quick Google search has
            > > turned up the following page as having sample code that could be used
            > > as a basis for rewriting the ACL checking:
            > >
            > > http://mvps.org/win32/security/fksec.html
            > >
            > > Until I (or someone else) gets a chance to review this and reimplement
            > > the relevant bits in C (it's in C++) I recommend that Yet Another
            > > Option (TM - V.Negri) is added to turn off ACL checking that users can
            > > use if they experience problems. Not a full solution but at least
            > > that should prevent a large number of complaints.
            >
            > I don't like adding an option for this. It's not a real solution, it
            > just shifts the problem towards the user.

            Until we write a replacement for GetEffectiveRightsFromAcl() - admittedly not a nice
            solution as this could be a fair amount of code.

            > How about an alternative: Can we try writing to the file to find out if
            > it's writable? Opening the file for appending should not change the
            > file in any way. The possible side effect is that the timestamp of the
            > file changes when you edit it with Vim.

            Maybe, I'll investigate.

            > This should at least be restricted to file systems that have ACL
            > capabilities.

            Doing it in acl_check() will ensure that the check for the file system supporting ACLs
            has been done.

            > Alternatively, we can assume all files on ACL'ed file systems are
            > writable, since mostly people complain if a file is marked read-only
            > while its actually writable.

            The original bug report was due to assuming this - someone reported that he was
            unable to write to a file not marked as read-only due to an ACL not allowing writes.
            How ironic ;)

            I'm verging back towards remove ACL support on Windows. I doubt anywhere that is
            using ACLs in anger would have VIM around - they would be having som many
            problems with other applications that don't take notice of ACLs.

            Mike
            --
            Genealogy tracing us back to the same brother and sister.
          • Bram Moolenaar
            ... It indeed appears that going back to the old solution would be better. One last attempt to do at least some ACL things: Can we add a check that returns
            Message 5 of 11 , Mar 4, 2002
            • 0 Attachment
              Mike Williams wrote:

              > > How about an alternative: Can we try writing to the file to find out if
              > > it's writable? Opening the file for appending should not change the
              > > file in any way. The possible side effect is that the timestamp of the
              > > file changes when you edit it with Vim.
              >
              > Maybe, I'll investigate.
              >
              > > This should at least be restricted to file systems that have ACL
              > > capabilities.
              >
              > Doing it in acl_check() will ensure that the check for the file system
              > supporting ACLs has been done.
              >
              > > Alternatively, we can assume all files on ACL'ed file systems are
              > > writable, since mostly people complain if a file is marked read-only
              > > while its actually writable.
              >
              > The original bug report was due to assuming this - someone reported
              > that he was unable to write to a file not marked as read-only due to
              > an ACL not allowing writes. How ironic ;)
              >
              > I'm verging back towards remove ACL support on Windows. I doubt
              > anywhere that is using ACLs in anger would have VIM around - they
              > would be having som many problems with other applications that don't
              > take notice of ACLs.

              It indeed appears that going back to the old solution would be better.
              One last attempt to do at least some ACL things: Can we add a check that
              returns three possible values:
              ACL check returns "file is writable"
              ACL check returns "file is r/o"
              ACL is unreliable, ignore it.

              And then use the third option whenever we have some doubt that ACL is
              actually working. When that's always the case, it should be very simple
              to implement! :-)

              --
              hundred-and-one symptoms of being an internet addict:
              118. You are on a first-name basis with your ISP's staff.

              /// Bram Moolenaar -- Bram@... -- http://www.moolenaar.net \\\
              /// Creator of Vim -- http://vim.sf.net -- ftp://ftp.vim.org/pub/vim \\\
              \\\ Project leader for A-A-P -- http://www.a-a-p.org ///
              \\\ Help me helping AIDS orphans in Uganda - http://iccf-holland.org ///
            • Vince Negri
              ... On NT4 Sp4, GetEffectiveRightsFromAcl() returns bilge, so the answer on this platform would always be number 3! I think that until someone hand-rolls a
              Message 6 of 11 , Mar 4, 2002
              • 0 Attachment
                > Bram Moolenaar [SMTP:Bram@...] wrote:
                >
                > It indeed appears that going back to the old solution would be better.
                > One last attempt to do at least some ACL things: Can we add a check that
                > returns three possible values:
                > ACL check returns "file is writable"
                > ACL check returns "file is r/o"
                > ACL is unreliable, ignore it.

                > And then use the third option whenever we have some doubt that ACL is
                > actually working. When that's always the case, it should be very simple
                > to implement! :-)

                On NT4 Sp4, GetEffectiveRightsFromAcl() returns bilge, so the answer on
                this platform would always be number 3!

                I think that until someone hand-rolls a VimGetEffectiveRightsFromAcl()
                which actually works, Win32 ACL-checking should be compiled out for 6.1
                final.

                Vince
              • Mike Williams
                ... Oh it is easy - just return the 3rd value all the time. :-) The ACL works fine, the Win32 function that builds the access mask from the ACL is unreliable,
                Message 7 of 11 , Mar 4, 2002
                • 0 Attachment
                  On 4 Mar 2002 at 11:17, Bram Moolenaar wrote:

                  > It indeed appears that going back to the old solution would be better.
                  > One last attempt to do at least some ACL things: Can we add a check that
                  > returns three possible values:
                  > ACL check returns "file is writable"
                  > ACL check returns "file is r/o"
                  > ACL is unreliable, ignore it.
                  >
                  > And then use the third option whenever we have some doubt that ACL is
                  > actually working. When that's always the case, it should be very simple
                  > to implement! :-)

                  Oh it is easy - just return the 3rd value all the time. :-) The ACL works fine, the
                  Win32 function that builds the access mask from the ACL is unreliable, buggy,
                  kapput! The problem depends on the host OS and service pack, the networked
                  machine's OS and service pack, the contents of the ACL, and how the host OS joined
                  the network that the network machine is part of (and possibly other factors which MS
                  have not owned up to yet!)

                  The only solution is to roll our own version of GetEffectiveRightsFromAcl(), which is
                  most likely easier than resolving the above conditions to see if we should bother
                  checking the ACL in the first place :-(

                  Well, I'll try the open for write hack and see what happens.

                  Mike
                  --
                  Belladonna: In Italian, a beautiful lady; in English a deadly poison.
                • vipin aravind
                  another way would be to ship advapi32.dll(proper one SP5) renamed to someother dll with vim. Is that redistributable? and then
                  Message 8 of 11 , Mar 4, 2002
                  • 0 Attachment
                    another way would be to ship advapi32.dll(proper one SP5)
                    renamed to someother dll with vim.
                    Is that redistributable?
                    and then getproc and use as it is done now.
                    vipin

                    > > Bram Moolenaar [SMTP:Bram@...] wrote:
                    > >
                    > > It indeed appears that going back to the old solution would be better.
                    > > One last attempt to do at least some ACL things: Can we add a check that
                    > > returns three possible values:
                    > > ACL check returns "file is writable"
                    > > ACL check returns "file is r/o"
                    > > ACL is unreliable, ignore it.
                    >
                    > > And then use the third option whenever we have some doubt that ACL is
                    > > actually working. When that's always the case, it should be very simple
                    > > to implement! :-)
                    >
                    > On NT4 Sp4, GetEffectiveRightsFromAcl() returns bilge, so the answer on
                    > this platform would always be number 3!
                    >
                    > I think that until someone hand-rolls a VimGetEffectiveRightsFromAcl()
                    > which actually works, Win32 ACL-checking should be compiled out for 6.1
                    > final.
                    >
                    > Vince
                    >
                  • Mike Williams
                    I don t know for sure, but my guess would be you cannot redistribute. A couple of years ago there was a major bug in one of the standard dialog dlls (I forget
                    Message 9 of 11 , Mar 4, 2002
                    • 0 Attachment
                      I don't know for sure, but my guess would be you cannot redistribute.

                      A couple of years ago there was a major bug in one of the standard dialog dlls (I
                      forget which one). A number of software companies wanted to redistribute it with
                      their application but MS would only allow them to do this as part of an IE distribution
                      (IIRC) Anyway, it was something like a 5MB distribution for a 300KB dll.

                      On 4 Mar 2002 at 16:21, vipin aravind wrote:

                      > another way would be to ship advapi32.dll(proper one SP5)
                      > renamed to someother dll with vim.
                      > Is that redistributable?
                      > and then getproc and use as it is done now.
                      > vipin
                      >
                      > > > Bram Moolenaar [SMTP:Bram@...] wrote:
                      > > >
                      > > > It indeed appears that going back to the old solution would be better.
                      > > > One last attempt to do at least some ACL things: Can we add a check that
                      > > > returns three possible values:
                      > > > ACL check returns "file is writable"
                      > > > ACL check returns "file is r/o"
                      > > > ACL is unreliable, ignore it.
                      > >
                      > > > And then use the third option whenever we have some doubt that ACL is
                      > > > actually working. When that's always the case, it should be very simple
                      > > > to implement! :-)
                      > >
                      > > On NT4 Sp4, GetEffectiveRightsFromAcl() returns bilge, so the answer on
                      > > this platform would always be number 3!
                      > >
                      > > I think that until someone hand-rolls a VimGetEffectiveRightsFromAcl()
                      > > which actually works, Win32 ACL-checking should be compiled out for 6.1
                      > > final.
                      > >
                      > > Vince
                      > >
                      >
                      >

                      Mike
                      --
                      Experience is a good teacher but her fees are high...
                    • Vince Negri
                      ... There is a file installed with VC++ called redist.txt which lists what you can redistribute. advapi32.dll isn t on the list, so the answer is no, you
                      Message 10 of 11 , Mar 4, 2002
                      • 0 Attachment
                        > > another way would be to ship advapi32.dll(proper one SP5)
                        > > renamed to someother dll with vim.
                        > > Is that redistributable?
                        > > and then getproc and use as it is done now.
                        > > vipin
                        > >
                        >
                        There is a file installed with VC++ called "redist.txt" which lists what
                        you can redistribute.

                        advapi32.dll isn't on the list, so the answer is no, you can't redistribute
                        it with Vim.
                      • Bram Moolenaar
                        ... That file is very likely copyright protected. And who knows what the interference with other applications will be when you replace it? Better stay away
                        Message 11 of 11 , Mar 4, 2002
                        • 0 Attachment
                          Vipin Aravind wrote:

                          > another way would be to ship advapi32.dll(proper one SP5)
                          > renamed to someother dll with vim.
                          > Is that redistributable?
                          > and then getproc and use as it is done now.

                          That file is very likely copyright protected. And who knows what the
                          interference with other applications will be when you replace it?
                          Better stay away from system .dll files!

                          --
                          hundred-and-one symptoms of being an internet addict:
                          119. You are reading a book and look for the scroll bar to get to
                          the next page.

                          /// Bram Moolenaar -- Bram@... -- http://www.moolenaar.net \\\
                          /// Creator of Vim -- http://vim.sf.net -- ftp://ftp.vim.org/pub/vim \\\
                          \\\ Project leader for A-A-P -- http://www.a-a-p.org ///
                          \\\ Help me helping AIDS orphans in Uganda - http://iccf-holland.org ///
                        Your message has been successfully submitted and would be delivered to recipients shortly.