cygwin can bypass windows xp acls?

How is cygwin able to bypass Windows XP ACLS? In the following example, cmd.exe cannot create a file in a directory but bash can. What gives?

C:\WINDOWS\Temp>mkdir noaccess

C:\WINDOWS\Temp>cacls noaccess /E /R Everyone
processed dir: C:\WINDOWS\Temp\noaccess

C:\WINDOWS\Temp>cacls noaccess
C:\WINDOWS\Temp\noaccess

C:\WINDOWS\Temp>echo abc > noaccess\abc
Access is denied.

C:\WINDOWS\Temp>c:\cygwin\bin\bash -c "echo abc > noaccess/abc"

C:\WINDOWS\Temp>c:\cygwin\bin\bash -c "/bin/cat noaccess/abc"
abc

Miserable Variable

Posted 2012-02-10T20:18:14.810

Reputation: 759

Answers

Cygwin apps do not have any special privileges, but they do "try harder". If a Win32 call fails, Cygwin will try using an NT kernel API function to perform the equivalent operation (and sometimes it just uses the NT kernel API first). Oddly, the NT kernel APIs can succeed where Win32 APIs fail.

Fran

Posted 2012-02-10T20:18:14.810

Reputation: 4 774

I guess it's to do with the noacl option

noacl - Cygwin ignores filesystem ACLs and only fakes a subset of permission bits based on the DOS readonly attribute. This behaviour is the default on FAT and FAT32. The flag is ignored on NFS filesystems.

This doesn't really explain how Windows isn't able to enforce ACLs. I guess Cygwin has elevated privileges of some sort. Probably this will become clearer if you read about Cygwin and "NT" Security

RedGrittyBrick

Posted 2012-02-10T20:18:14.810

Reputation: 70 632

Thanks. The filesystem is NTFS so the FAT part does not apply. It certainly seems cygwin is running with some privileges but I would have thought it would not do so by default. The documentation you referenced probably explains this but it seems very involved and quick read does not show any sections that specifically talk about cygwin using privileged access. – Miserable Variable – 2012-02-10T21:11:54.493

Cygwin's docs on NTFS and ACLs under Cygwin: http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files

– Andrew Lambert – 2012-02-10T22:36:02.043