diff options
| -rw-r--r-- | winsup/doc/ChangeLog | 6 | ||||
| -rw-r--r-- | winsup/doc/highlights.xml | 17 | ||||
| -rw-r--r-- | winsup/doc/new-features.xml | 5 | ||||
| -rw-r--r-- | winsup/doc/utils.xml | 11 |
4 files changed, 29 insertions, 10 deletions
diff --git a/winsup/doc/ChangeLog b/winsup/doc/ChangeLog index 4ccd7d328..e814ffbb8 100644 --- a/winsup/doc/ChangeLog +++ b/winsup/doc/ChangeLog @@ -1,3 +1,9 @@ +2014-10-27 Corinna Vinschen <corinna@vinschen.de> + + * highlights.xml: Rearrange itemizedlist markup slightly. + * new-features.xml (ov-new1.7.33): Add setfacl -b option. + * utils.xml (setfacl): Ditto. + 2014-10-24 Luke Kendall <luke.kendall@cisra.canon.com.au> * ntsec.xml: More language and typo fixes. diff --git a/winsup/doc/highlights.xml b/winsup/doc/highlights.xml index 5de789a8c..76eb3fb1c 100644 --- a/winsup/doc/highlights.xml +++ b/winsup/doc/highlights.xml @@ -245,8 +245,9 @@ support for cloning address space between processes and several features actively undermine a reliable <literal>fork</literal> implementation. Three issues are especially prevalent:</para> -<para><itemizedlist> -<listitem>DLL base address collisions. Unlike *nix shared +<itemizedlist mark="bullet"> + +<listitem><para>DLL base address collisions. Unlike *nix shared libraries, which use "position-independent code", Windows shared libraries assume a fixed base address. Whenever the hard-wired address ranges of two DLLs collide (which occurs quite often), the @@ -259,18 +260,18 @@ statically-linked dlls (dependencies known at compile time) are resolved before <literal>cygwin1.dll</literal> initializes and cannot be fixed afterward. This problem can only be solved by removing the base address conflicts which cause the problem, -usually using the <literal>rebaseall</literal> tool.</listitem> +usually using the <literal>rebaseall</literal> tool.</para></listitem> -<listitem>Address space layout randomization (ASLR). Starting with +<listitem><para>Address space layout randomization (ASLR). Starting with Vista, Windows implements ASLR, which means that thread stacks, heap, memory-mapped files, and statically-linked dlls are placed at different (random) locations in each process. This behaviour interferes with a proper <literal>fork</literal>, and if an unmovable object (process heap or system dll) ends up at the wrong location, Cygwin can do nothing to compensate (though it will -retry a few times automatically).</listitem> +retry a few times automatically).</para></listitem> -<listitem>DLL injection by +<listitem><para>DLL injection by <ulink url="http://cygwin.com/faq/faq.html#faq.using.bloda"> BLODA</ulink>. Badly-behaved applications which inject dlls into other processes often manage to clobber important @@ -279,7 +280,9 @@ collisions which rebasing cannot fix. The only way to resolve this problem is to remove (usually uninstall) the offending app. See <xref linkend="cygwinenv-implemented-options"></xref> for the <literal>detect_bloda</literal> option, which may be able to identify the -BLODA.</listitem></itemizedlist></para> +BLODA.</para></listitem> + +</itemizedlist> <para>In summary, current Windows implementations make it impossible to implement a perfectly reliable fork, and occasional diff --git a/winsup/doc/new-features.xml b/winsup/doc/new-features.xml index f3a49815c..9ac630c04 100644 --- a/winsup/doc/new-features.xml +++ b/winsup/doc/new-features.xml @@ -15,6 +15,11 @@ without having to create /etc/passwd and /etc/group files. Introduce /etc/nsswitch.conf file to configure passwd/group handling. </para> +<listitem><para> +Add -b/--remove-all option to setfacl to reduce the ACL to only the entries +representing POSIX permission bits. +</para></listitem> + <para> For bordercase which require to use /etc/passwd and /etc/group files, change mkpasswd/mkgroup to generate passwd/group entries compatible with diff --git a/winsup/doc/utils.xml b/winsup/doc/utils.xml index acbda53d8..7c90d726e 100644 --- a/winsup/doc/utils.xml +++ b/winsup/doc/utils.xml @@ -1683,11 +1683,13 @@ Example: regtool.exe get '\user\software\Microsoft\Clock\iFormat' <title>setfacl</title> <screen> -Usage: setfacl [-r] (-f ACL_FILE | -s acl_entries) FILE... - setfacl [-r] ([-d acl_entries] [-m acl_entries]) FILE... +Usage: setfacl [-r] {-f ACL_FILE | -s acl_entries} FILE... + setfacl [-r] {-b|[-d acl_entries] [-m acl_entries]} FILE... + Modify file and directory access control lists (ACLs) + -b, --remove-all remove all extended ACL entries -d, --delete delete one or more specified ACL entries -f, --file set ACL entries for FILE to ACL entries read from a ACL_FILE @@ -1699,7 +1701,7 @@ Modify file and directory access control lists (ACLs) -h, --help output usage information and exit -V, --version output version information and exit -At least one of (-d, -f, -m, -s) must be specified +At least one of (-b, -d, -f, -m, -s) must be specified </screen> <para> For each file given as parameter, <command>setfacl</command> will @@ -1733,6 +1735,9 @@ At least one of (-d, -f, -m, -s) must be specified <para> The following options are supported: </para> + <para> <literal>-b</literal> Remove all extended ACL entries. The base + ACL entries of the owner, group and others are retained.</para> + <para> <literal>-d</literal> Delete one or more specified entries from the file's ACL. The owner, group and others entries must not be deleted. Acl_entries to be deleted should be specified without permissions, as in |