It was not my intent to be an experience point whore; my intention was to give a case study of Microsoft's "security through obscurity" paradigm with respect to Windows. Let me summarize my points:
- Microsoft's Windows API contains far too much administrative overhead. All of the calls API calls I listed are actually needed to change the owner; if you don't believe me, feel free to paste the code into your copy of VC++, comment out any section, and execute it a few thousand times. (Multiple executions are needed to show memory leaks in the event that you comment out the "free" statements.)
- This overhead is very poorly documented. I spent about a day going through various WinAPI books, code discussion groups, etc. to get the code I posted above. I'm sure that there are sites that I didn't check, and one of them might have similar or better code than what I've listed. But NONE of those sites are as convenient as the Camel or the Camel head.
As far as your points are concerned,
- Your point regarding computer languages is entirely valid. Languages are optimized for different things, and they do indeed suck when you don't play to their strengths. But my rant is not against C, but against Windows. Actually, it's a rant against the Windows API, which appears to be optimized for obscurity. I should have titled this section "Why I hate the Windows API". My bad.
- How do you propose that I "match the tool against the task" of changing a file's owner? By convincing my users to throw out their Win32 boxes and get Linux ones? (wow... that thought just sent me to a happy place :) ).
This example of API overhead is not an isolated case. I've been programming in Windows API for a few years now, and it's always been a huge mess for anything other than popping up message boxes. (Anyone remember when Win32 first came out, and the nightmare of syncing short and long filenames?)
And yes, this is not remotely constructive, and yes, it is childish, and yes, it is little more than an online theaputic temper tantrum. Which is why I prefaced it as such.
btw: in the event that anyone does try to compile my code, I omitted the fact that "SetPrivilege" is a subroutine that I wrote, not a windows API call. Here's the code for that:
int SetPrivilege(char *privilege, int enable)
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES
+, &token)) return 0;
if (!LookupPrivilegeValue(NULL, privilege, &luid)) return 0;
tp.PrivilegeCount = 1;
tp.Privileges.Luid = luid;
if (enable) tp.Privileges.Attributes = SE_PRIVILEGE_ENABLED;
else tp.Privileges.Attributes = 0;
// Enable the privilege or disable all privileges.
return AdjustTokenPrivileges(token, 0, &tp, NULL, NULL, NULL);