Re: [Bug] setup regression #2

public inbox for cygwin-apps@cygwin.com
 help / color / mirror / Atom feed

From: Christian Franke <Christian.Franke@t-online.de>
To: Jon Turney <jon.turney@dronecode.org.uk>,
	"cygwin-apps@cygwin.com" <cygwin-apps@cygwin.com>
Subject: Re: [Bug] setup regression #2
Date: Wed, 30 Nov 2022 22:22:40 +0100	[thread overview]
Message-ID: <16c0bdb4-00bb-3f96-7940-2273b6f0b82b@t-online.de> (raw)
In-Reply-To: <fc495a9c-1c8e-cc57-9ec6-6b6c68b533a6@dronecode.org.uk>

Jon Turney wrote:
> On 20/11/2022 19:05, Achim Gratz wrote:
>> Jon Turney writes:
>>> I believe that the intent of the code in setup is that there should
>>> only be two modes:
>>>
>>> USER: install "for me", with the users primary group
>>
>> As I understand it, the intention here was that the user can have a
>> "single user installation" in a place that they have access to (say,
>> their home directory) while they have no permission in one of the usual
>> places.  In a setup where that place is a certain type of share the user
>> will not be able to change the group the files are owned by anyway
>> (standard NetApp CIFS shares are set up this way) and it may not be the
>> users primary group.
>>
>>> SYSTEM: install "for everyone", with the administrators primary group
>>> (only permitted if you are an administrator)
>>
>> I don't see why the fact the installation is meant to be used by
>> multiple users means that the install must be owned by group
>> Administrators.  I'm not sure this is a good idea on Windows anyway, at
>> least when you don't put extra (inheritable) DACL on the install
>> folder.
>
> Christian,
>
> Maybe you can offer your opinion here, since you seem to have the 
> opposite, or at least a different, point of view.

Anything installed with "All Users" option should IMO be protected 
against modifications by any regular non-elevated user.

This is not the case if the RID=513 group ("HOST\None", 
"DOMAIN\Domain-Users") is used. Many upstream projects install 
directories and files with permissions like 0664, 0775, 0660 or 0770. 
This is safe when the group is "root". On current Cygwin, all users have 
R/W access regardless of the "other" permission bits.

Try for example: find /usr/share ! -type l -perm -020 -ls (~4000 hits on 
my installation)

Using the administrators group as discussed here would solve this but 
apparently introduces interesting new permission problems with some 
packages. Could these possibly be solved by the maintainers of the 
affected packages?

An alternative may be: Keep the group as is, but prevent using above 
permissions as far as possible. For new packages, this could possibly be 
done with an enhancement of cygport. But I'm sure that there will also 
be subtle cases where these modified permissions break things. Cygport 
could allow to opt-out then.

Ideally the protection should also be effective for the non-elevated 
user who runs setup elevated. This is automatically the case for typical 
installers because Windows changes TokenOwner to administrators group if 
run elevated. That's why I provided 
https://sourceware.org/pipermail/cygwin-apps/2022-August/042221.html

next prev parent reply	other threads:[~2022-11-30 21:22 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-22 17:14 Achim Gratz
2022-10-01 15:37 ` Jon Turney
2022-10-03 19:23   ` Achim Gratz
2022-10-08 15:18     ` Jon Turney
2022-10-08 16:56       ` Achim Gratz
2022-11-08 16:21         ` Jon Turney
2022-11-09 18:25           ` Achim Gratz
2022-11-13 12:47           ` Achim Gratz
2022-11-20 17:16             ` Jon Turney
2022-11-20 19:05               ` Achim Gratz
2022-11-21 12:32                 ` Corinna Vinschen
2022-11-21 12:39                   ` ASSI
2022-11-21 12:47                     ` Corinna Vinschen
2022-11-29 21:37                 ` Jon Turney
2022-11-30 21:22                   ` Christian Franke [this message]
2022-12-01 19:50                     ` Achim Gratz
2023-02-02 16:00               ` Jon Turney

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=16c0bdb4-00bb-3f96-7940-2273b6f0b82b@t-online.de \
    --to=christian.franke@t-online.de \
    --cc=cygwin-apps@cygwin.com \
    --cc=jon.turney@dronecode.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).