Re: Cygwin AF_UNIX emulation

[Christian Franke <Christian.Franke@t-online.de>]

Corinna Vinschen wrote:
> On Oct 17 21:29, Christian Franke wrote:
>> Corinna Vinschen wrote:
>>> On Oct 16 23:34, Christian Franke wrote:
>>>> Nasty detail: At least postfix sets the all AF_UNIX sockets to rw-rw-rw- and
>>>> relies only on directory permissions (private: rwx------, public: rwx--x---)
>>>> for access control. This is not effective on Cygwin. Due to the rw-rw-rw-,
>>>> the 'secret' is world readable on Cygwin and another Cygwin specific patch
>>>> is required :-)
>>> Yeah, thanks to Windows which enables the "Bypass Traverse checking"
>>> privilege for everyone :(  At one point in 2005 I toyed with traverse
>>> checking but eventually gave up in 2006 and reverted the stuff.
>> This does not appear as an Se*Privilege in the token, correct?
> It's in the token, and it's an ugly amalgamation of two unrelated
> mechanisms(*):
>
>    SE_CHANGE_NOTIFY_NAME
>
>      Required to receive notifications of changes to files or
>      directories. This privilege also causes the system to skip all
>      traversal access checks. It is enabled by default for all users.
>
>      User Right: Bypass traverse checking.

An unexpected "feature", IMO.

Hmm.... after removing this privilege, Cygwin returns garbage stat() 
info, for any path below the 'forbidden directory':

$ uname -srvm
CYGWIN_NT-6.1-WOW64 1.7.33s(0.278/5/3) 20141017 14:39:49 i686

$ cd /var/spool/postfix/

$ ls -ld private
drwx------+ 1 postfix none 0 Oct 18 16:39 private

$ ls -l private
ls: cannot open directory private: Permission denied

$ ls -l private/smtp
srw-rw-rw- 1 postfix none 0 Oct 18 16:39 private/smtp

$ cygdrop -p ChangeNotify ls -l private/smtp
-rw-r----- 1 Unknown+User Unknown+Group 6991943424855812584 Jun 23 1909 
private/smtp

$ ls -l private/no/such/path
ls: cannot access private/no/such/path: No such file or directory

$ cygdrop -p ChangeNotify ls -l private/no/such/path
-rw-r----- 1 Unknown+User Unknown+Group 6991943424855812584 Jun 23 1909 
private/no/such/path

$ cygdrop -p ChangeNotify ls -l /tmp/no/such/path
ls: cannot access /tmp/no/such/path: No such file or directory


>> BTW: I could ITP postfix in one week or so. It would rely on the SO_PEERCRED
>> workaround for now. Any objections?
> Uh, we're not having a Cygwin release it could work with for now.
> It might be better to wait until then, if that's ok with you.

Of course.

My intention was to get the initial packing issues fixed early such that 
the actual upload could be done when a the first compatible Cygwin 
release is available.


> I'm planning to release 1.7.33(**) in November at the latest.  I'm
> not going to stall this release until we have another solution for
> the aforementioned problems, the SO_PEERCRED wourkaround should
> suffice for now.

OK.


> (**) Or 1.9.0. I'm not sure yet if we should bump the DLL major 
> version due to the massive changes to user and group handling or not. 

During testing postfix with recent snapshots, I found nothing that 
needed to be changed in my existing installations which have complete 
/etc/passwd and group files. The only visible difference is that Cygwin 
now reports groups not seen before (like 4="INTERAKTIV").

So keeping 1.7.* might be OK.

Christian