Skip to content

mingw: special-case administrators even more#1893

Closed
dscho wants to merge 2 commits intogitgitgadget:masterfrom
dscho:admins-are-admins-on-windows
Closed

mingw: special-case administrators even more#1893
dscho wants to merge 2 commits intogitgitgadget:masterfrom
dscho:admins-are-admins-on-windows

Conversation

@dscho
Copy link
Member

@dscho dscho commented Mar 25, 2025

On Windows, a file created by a process running in elevated mode is owned by the Administrators group (not by the user's account who would otherwise be able to modify or delete the file in non-elevated mode). Let's adjust the "safe directory" feature accordingly.

Naturally, this patch series does not add a regression test (because it can't, you cannot automate elevating processes).

This patch series is a companion of microsoft#712.

dscho added 2 commits March 25, 2025 10:23
@dscho
mingw: special-case administrators even more
90aec07 
The check for dubious ownership has one particular quirk on Windows: if
running as an administrator, files owned by the Administrators _group_
are considered owned by the user.

The rationale for that is: When running in elevated mode, Git creates
files that aren't owned by the individual user but by the Administrators
group.

There is yet another quirk, though: The check I introduced to determine
whether the current user is an administrator uses the
`CheckTokenMembership()` function with the current process token. And
that check only succeeds when running in elevated mode!

Let's be a bit more lenient here and look harder whether the current
user is an administrator. We do this by looking for a so-called "linked
token". That token exists when administrators run in non-elevated mode,
and can be used to create a new process in elevated mode. And feeding
_that_ token to the `CheckTokenMembership()` function succeeds!

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
@dscho
test-tool path-utils: support debugging "dubious ownership" issues
1daac3f 
This adds a new sub-sub-command for `test-tool`, simply passing through
the command-line arguments to the `is_path_owned_by_current_user()`
function.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
@dscho dscho self-assigned this Mar 25, 2025
@dscho dscho mentioned this pull request Mar 25, 2025
Merged
@dscho
Copy link
Member Author

dscho commented Mar 25, 2025

/submit

@gitgitgadget
Copy link

gitgitgadget bot commented Mar 25, 2025

Submitted as pull.1893.git.1742899110.gitgitgadget@gmail.com

To fetch this version into FETCH_HEAD:

git fetch https://github.com/gitgitgadget/git/ pr-1893/dscho/admins-are-admins-on-windows-v1

To fetch this version to local tag pr-1893/dscho/admins-are-admins-on-windows-v1:

git fetch --no-tags https://github.com/gitgitgadget/git/ tag pr-1893/dscho/admins-are-admins-on-windows-v1

@gitgitgadget
Copy link

gitgitgadget bot commented Mar 25, 2025

This patch series was integrated into seen via git@5a79ced.

@gitgitgadget gitgitgadget bot added the seen label Mar 25, 2025
@gitgitgadget
Copy link

gitgitgadget bot commented Mar 28, 2025

This branch is now known as js/mingw-admins-are-special.

@gitgitgadget
Copy link

gitgitgadget bot commented Mar 28, 2025

This patch series was integrated into seen via git@c2a7c69.

@gitgitgadget
Copy link

gitgitgadget bot commented Mar 28, 2025

This patch series was integrated into next via git@dfcb966.

@gitgitgadget gitgitgadget bot added the next label Mar 28, 2025
@gitgitgadget
Copy link

gitgitgadget bot commented Mar 29, 2025

This patch series was integrated into seen via git@23d2b41.

@gitgitgadget
Copy link

gitgitgadget bot commented Apr 7, 2025

There was a status update in the "Cooking" section about the branch js/mingw-admins-are-special on the Git mailing list:

"Dubious ownership" checks on Windows has been tightened up.

Will merge to 'master'.
source: <pull.1893.git.1742899110.gitgitgadget@gmail.com>

@gitgitgadget
Copy link

gitgitgadget bot commented Apr 7, 2025

This patch series was integrated into seen via git@45e31f0.

@gitgitgadget
Copy link

gitgitgadget bot commented Apr 7, 2025

This patch series was integrated into master via git@45e31f0.

@gitgitgadget
Copy link

gitgitgadget bot commented Apr 7, 2025

This patch series was integrated into next via git@45e31f0.

@gitgitgadget gitgitgadget bot added the master label Apr 7, 2025
@gitgitgadget
Copy link

gitgitgadget bot commented Apr 7, 2025

Closed via 45e31f0.

@gitgitgadget gitgitgadget bot closed this Apr 7, 2025
@dscho dscho deleted the admins-are-admins-on-windows branch April 9, 2025 05:59
webstech added a commit that referenced this pull request Nov 5, 2025
@webstech
Merge pull request #1893 from gitgitgadget/dependabot/npm_and_yarn/no…
c05f7ec 
…demailer-7.0.3

build(deps): bump nodemailer from 7.0.2 to 7.0.3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@dscho dscho

Labels

master next seen

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dscho