From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <anrdaemon@yandex.ru>
Received: from forward501o.mail.yandex.net (forward501o.mail.yandex.net
 [IPv6:2a02:6b8:0:1a2d::611])
 by sourceware.org (Postfix) with ESMTPS id 7AE473858007
 for <cygwin@cygwin.com>; Wed, 20 Oct 2021 07:05:03 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 7AE473858007
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=yandex.ru
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=yandex.ru
Received: from iva7-79032ba5307a.qloud-c.yandex.net
 (iva7-79032ba5307a.qloud-c.yandex.net
 [IPv6:2a02:6b8:c0c:320d:0:640:7903:2ba5])
 by forward501o.mail.yandex.net (Yandex) with ESMTP id EA8D745C5581
 for <cygwin@cygwin.com>; Wed, 20 Oct 2021 10:05:00 +0300 (MSK)
Received: from iva6-2d18925256a6.qloud-c.yandex.net
 (2a02:6b8:c0c:7594:0:640:2d18:9252 [2a02:6b8:c0c:7594:0:640:2d18:9252])
 by iva7-79032ba5307a.qloud-c.yandex.net (mxback/Yandex) with ESMTP id
 vYvTcmH1kz-50bScfZa; Wed, 20 Oct 2021 10:05:00 +0300
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
 t=1634713500; bh=hxnlryKjAM/+lSi665aBT1I2tMBZmXrFiHVRpPan6oY=;
 h=In-Reply-To:Subject:From:Message-ID:References:Date:Reply-To:To;
 b=icy+sL/0T//ZI4vIIDPdpt36dFzvv8PCrud1pafbDBKLJl3Kq9Mq2u4cLRcS2PZGx
 cS/A2tjI0uzpZmvaZ6p/Y7Iai2b8rANAqgL7YreVaxtIwX4O2NGGitaR9r7HyBz4oN
 P4tXBPzXfeJk6LrxJdbYGNDfccGcoTmPDggC9geQ=
Authentication-Results: iva7-79032ba5307a.qloud-c.yandex.net;
 dkim=pass header.i=@yandex.ru
Received: by iva6-2d18925256a6.qloud-c.yandex.net (smtp/Yandex) with ESMTPS id
 5OrJA75PX0-50qW41al; Wed, 20 Oct 2021 10:05:00 +0300
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client certificate not present)
X-Yandex-Fwd: 2
Received: from [192.168.1.10] (HELO daemon2.darkdragon.lan)
 by daemon2 (Office Mail Server 0.8.12 build 08053101) with SMTP;
 Wed, 20 Oct 2021 06:55:40 -0000
Date: Wed, 20 Oct 2021 09:55:40 +0300
From: Andrey Repin <anrdaemon@yandex.ru>
X-Mailer: The Bat! (v6.8.8) Home
Reply-To: cygwin@cygwin.com
X-Priority: 3 (Normal)
Message-ID: <10610219801.20211020095540@yandex.ru>
To: Brian Inglis <cygwin@cygwin.com>, cygwin@cygwin.com
Subject: Re: Windows October Update Patch Could Affect Symlinks
In-Reply-To: <f0b67f08-611f-d198-258a-4deb28f86ac5@SystematicSw.ab.ca>
References: <f0b67f08-611f-d198-258a-4deb28f86ac5@SystematicSw.ab.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, INDUSTRIAL_SUBJECT,
 KAM_THEBAT, NICE_REPLY_A, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=no autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Wed, 20 Oct 2021 07:05:06 -0000

Greetings, Brian Inglis!

> While checking Windows October update patches found a vague reference to
> a new Windows update patch affecting symlinks in the article:

> https://www.computerworld.com/article/3637013/four-zero-day-exploits-add-urgency-to-octobers-patch-tuesday.html

> "On the topic of lesser-used Windows features, the Microsoft NTFS file 
> system was updated to include a fix for symbolic links (helpful with 
> UNIX migrations). If you are in the middle of a large UNIX migration, 
> you may want to pause things a little and test out some large (and 
> parallel) file transfers before deploying this update."

> Could not find anything definite about this patch or its effects or 
> whether it will create any issues. So this is just a heads up about 
> potential issues implied by the article. If anyone can find the actual 
> patch and any docs documenting potential changes or issues that may help.

> The article's links to overview and generic articles on NTFS and 
> symlinks did not help:

> https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/create-symbolic-links#security-considerations

> pointing to existing:

> https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil-behavior

> On my system, that shows:

> Elevated > fsutil behavior set symlinkevaluation /? | grep -E "sym|link"
> ...
> symlinkEvaluation       {L2L|L2R|R2R|R2L}:{0|1} [...]
> ...
> Sample SymlinkEvaluation command:
>         "fsutil behavior set symlinkEvaluation L2L:1 L2R:0"
>         - Will enable local to local symbolic links and disable local to
>         remote symbolic links. It will not change the state of remote to
>         remote links or remote to local links.
>         - This operation takes effect immediately (no reboot required)
> ...
> Elevated > fsutil behavior query symlinkevaluation
> Local to local symbolic links are enabled.
> Local to remote symbolic links are enabled.
> Remote to local symbolic links are disabled.
> Remote to remote symbolic links are disabled.
> ...

This is an old setting and defaults for it are as shown.
If you've never changed them, it's worth checking to make sure they are
untouched. If you did change them at one point, check them to reconsider your
changes.


-- 
With best regards,
Andrey Repin
Wednesday, October 20, 2021 9:53:38

Sorry for my terrible english...