From: Corinna Vinschen
To: cygwin@cygwin.com
Subject: Re: 1.7.10/1.7.11: .Net programs started from a cygwin console may fail.
Date: Thu, 01 Mar 2012 10:09:00 -0000
Message-ID: <20120301100820.GC2257@calimero.vinschen.de>

On Feb 29 13:36, Matt Seitz (matseitz) wrote:
> "Corinna Vinschen" wrote:
> > setfacl -m d:g::r-x,d:o:r-x /home /tmp /usr/tmp /var/log /var/run
> /var/tmp 2>/dev/null
>
> Will that cause problems if I have:
>
> $ mount | grep home
> C:/Documents and Settings on /home type ntfs (binary)
> $ getfacl /home
> # file: /home
> # owner: Administrators
> # group: Domain Users
> user::rwx
> group::---
> group:SYSTEM:rwx
> group:Users:r-x
> group:Power Users:r-x
> mask:rwx
> other:r-x
> default:user::rwx
> default:user:Administrators:rwx
> default:group::---
> default:group:SYSTEM:rwx
> default:group:Users:r-x
> default:group:Power Users:r-x
> default:mask:rwx
> default:other:r-x
> $

I don't know if that's a problem for you, but it would change the
settings to

  $ getfacl /home
  [...]
  default:group::r-x     <---
  [...]
  $

Maybe it's better if the code tests the permissions first, along these
lines:

  # Fix a problem introduced by older versions of setup.exe
  # Directories with 1777 permissions were erroneously created
  # with 777 inheritable default permissions.  This is a security
  # problem for non-Cygwin apps using these folders.  This is
  # especially tragic in case of /tmp.
  if [ ! -f /etc/.1777fix ]
  then
    for file in /home /tmp /usr/tmp /var/log /var/run
    do
      # We test if the default group or other permissions are rwx.
      # If so, it's dangerous and highly likely that these are still
      # the permissions set by setup.exe
      getfacl "${file}" | grep -Eq 'default:(group:|other):rwx' \
      && setfacl -m d:g::r-x,d:o:r-x "${file}" 2>/dev/null \
      && touch /etc/.1777fix
    done
  fi

That should be sufficiently safe.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
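
Added example, not part of the original mail or of Cygwin's scripts: it runs the mail's grep test against the /home ACL quoted above and against a constructed ACL with the 777 defaults, and adds an audit helper that lists every default group/other entry granting write. The function names `has_setup_defaults` and `writable_defaults` are hypothetical, and the ACL text is embedded so the script runs without getfacl.

```shell
#!/bin/sh
# Constructed sample: defaults as left by the old setup.exe bug on a 1777 dir.
BROKEN_ACL='user::rwx
group::rwx
other:rwx
default:user::rwx
default:group::rwx
default:other:rwx'

# ACL entries copied from the getfacl /home output quoted in the mail.
CUSTOM_ACL='user::rwx
group::---
group:SYSTEM:rwx
group:Users:r-x
group:Power Users:r-x
mask:rwx
other:r-x
default:user::rwx
default:user:Administrators:rwx
default:group::---
default:group:SYSTEM:rwx
default:group:Users:r-x
default:group:Power Users:r-x
default:mask:rwx
default:other:r-x'

# Same test as the mail's grep (hypothetical wrapper name): true only when
# the owning-group or other default entry is exactly rwx.
has_setup_defaults() {
  printf '%s\n' "$1" | grep -Eq 'default:(group:|other):rwx'
}

# Audit helper (hypothetical, not from the mail): print every default
# group/other entry that grants write, named groups included.
writable_defaults() {
  printf '%s\n' "$1" | awk -F: \
    '$1 == "default" && ($2 == "group" || $2 == "other") && $NF ~ /w/'
}

has_setup_defaults "$BROKEN_ACL" && echo "constructed ACL: would be reset to r-x"
has_setup_defaults "$CUSTOM_ACL" || echo "quoted /home ACL: left untouched"
writable_defaults "$CUSTOM_ACL"
```

The quoted /home ACL does not match the test because its owning-group default is `---`, while the audit helper still reports the named-group entry for SYSTEM that the grep deliberately ignores.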