Re: FW: Description of the new 'ntsec' feature

Re: FW: Description of the new 'ntsec' feature

[Corinna Vinschen]

Jason Zions wrote:
> [...]
> Corinna, I doubt Emanuale was suggesting you look at the source code for
> Interix; especially since that's not available. I think he was suggesting
> that you look into the mapping Interix used, not its implementation.
> 
> Interix has a very clean mapping of full POSIX semantics to NTFS security.
> The specifics of that mapping are outlined in a tech note available at
> http://www.interix.com . Some discussion of the rationale for some of our
> choices appears in that document.
> 
> I would be more than happy to talk about the specifics of the mapping we've
> elected to use, about its drawbacks and advantages, and things we're
> planning to do differently and better. It would be a good thing for Interix
> and cygwin to use NTFS permissions in the same way to mean the same things
> w.r.t. Unix permissions; I am quite open to considering changes in our model
> if they increase the fidelity of our security model to that provided by UNIX
> systems.

Hi Jason,

thanks for the input. Sorry for the long response lag. I'm very short
of time at the moment. The current project of my firm is in a critical
state, so I don't see the daylight as often as I want :(

I agree to your text. I know, that my model isn't really complete.
Did you read my description? Did you test one of the latest
snapshots with CYGWIN=ntsec? I'd like to hear your opinion.

Shame on me: I didn't read the aforementioned tech note so far.
Would you be so kind, to send it as an attachment, so I can't forget
it to read?

I would appreciate further discussions but please be patient.

Best Regards,
Corinna



--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Corinna Vinschen]

Jason Zions wrote:
> [...]
> Corinna, I doubt Emanuale was suggesting you look at the source code for
> Interix; especially since that's not available. I think he was suggesting
> that you look into the mapping Interix used, not its implementation.
> 
> Interix has a very clean mapping of full POSIX semantics to NTFS security.
> The specifics of that mapping are outlined in a tech note available at
> http://www.interix.com . Some discussion of the rationale for some of our
> choices appears in that document.
> 
> I would be more than happy to talk about the specifics of the mapping we've
> elected to use, about its drawbacks and advantages, and things we're
> planning to do differently and better. It would be a good thing for Interix
> and cygwin to use NTFS permissions in the same way to mean the same things
> w.r.t. Unix permissions; I am quite open to considering changes in our model
> if they increase the fidelity of our security model to that provided by UNIX
> systems.

Hi Jason,

thanks for the input. Sorry for the long response lag. I'm very short
of time at the moment. The current project of my firm is in a critical
state, so I don't see the daylight as often as I want :(

I agree to your text. I know, that my model isn't really complete.
Did you read my description? Did you test one of the latest
snapshots with CYGWIN=ntsec? I'd like to hear your opinion.

Shame on me: I didn't read the aforementioned tech note so far.
Would you be so kind, to send it as an attachment, so I can't forget
it to read?

I would appreciate further discussions but please be patient.

Best Regards,
Corinna



--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

Here is the cut-and-paste of the error I mentioned.  Please note that I
opened a new bash shell and cd to /d/xc/config/cf and then typed ls X11.*
and it got into this endless cycle of lock_pinfo_for_update:.... errors that
I had to kill the bash shell.

Is this a bug in snapshot which could be related to new security feature???

Suhaib


bash-2.02$ cd /d/xc/config/cf
bash-2.02$ ls X11.*
    0       0 [main] c:\cygnus\CYGWIN~4\H-I586~1\bin\ls.exe 14916
lock_pinfo_for
_update: rc 258, Win32 error 0
    0 10024379 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error 6
10024440 20048819 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error
6
10024523 30073342 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error
6
10024394 40097736 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error
6
10027462 50125198 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error
6
10021261 60146459 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error
6
10024437 70170896 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error
6





> -----Original Message-----
> From: Suhaib Siddiqi [ mailto:ssiddiqi@ipass.net ]
> Sent: Thursday, August 19, 1999 7:18 AM
> To: Corinna Vinschen; Cygwin@Sourceware. Cygnus. Com
> Subject: RE: FW: Description of the new 'ntsec' feature
>
>
>
> > > you still are having problems then they're probably not due to ntsec.
> > > There's probably a bug in cygwin from something *I've* done.
> >
> > And there's probably a bug in ntsec, too. I hope that some people are
> > willing, to give ntsec a try. It works "for me" but I'm not able to
> > see all consequences in my environment, so I need feedback.
> > If nobody would test your XFree porting results you would have a
> > far bigger problem, isn't it?
>
> I agree.  At the present time, I am down to only 2 people support
> for Xfree, myself and John Fortin.  All the Cygwin (9 users) who
> were willing to help and contribute have backed off.  i guess
> after looking at 100 MB of source code and a lot of Assembly code
> in xfree/os-support
> most of them decided to take off instead of attempting to play
> with 10s MB of Assembly code.
>
> >
> > The main items are:
> > - Are there real bugs?
>
> I really do not know.  But I kept getting this *proc_info_signal
> 1000 ...* mostly after MAKE finishes the compilation job.  Sometimes
> I get bash hanged if I try to kill a process.  I tried
> CYGWIN=nontsec and without nontsec.
>
> > - Are the choosen security settings adequate?
>
> At least a brief overview on Cygwin Web pages would help.
>
> > - Should the settings for administrators better be as in NT itself?
> > - How is it possible to do convenient without /etc/passwd and
> >   /etc/group?
> >
> > And, last but not least: Patches are gratefully accepted ;-)
>
> Sorry, cannot contribute patches for it.  I have a very limited
> knowledge on security code you wrote ;-)
>
> >
> > Regards,
> > Corinna
> >
> >
> > --
> > Want to unsubscribe from this list?
> > Send a message to cygwin-unsubscribe@sourceware.cygnus.com
> >


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

> The philosophy was that we could get real ownership and real executable
> bits and real UNIX permissions.  I also thought it would be nice to have
> a multi-user NT system where people couldn't routinely kill each others'
> processes.  I asked Corinna for this and she spent a lot of time on it.
>

Thanks, I understand now :-)

> I can understand why you don't want to use it.  Just turn if off.

I had it turnedd off.  However the proc_info_signal 1000 kill still kep
poping up, though not as often as it used to before (til July's last week
snapshots).  Mostly I see this message (proc_info_signal 1000)
when MAKE finishes compilation job.

Suhaib

>If
> you still are having problems then they're probably not due to ntsec.
> There's probably a bug in cygwin from something *I've* done.
>
> cgf
>


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

> >Will send you strace report tomorrow, directly.  I have snapshot 
> only on my
> >Office
> >computer.  Though I know how to reproduce the problem.  This is the
> >scenario:
> >
> >I have SET CYGWIN=nonetsec in my cygwin.bat file.
> >
> >Open one bash shell, and kill a process, leave the bash shell open.
> >
> >Open a second bash shell and type ls or anything other command, except
> >cd, it goes in that endless cylcle of error messages I posted.  The
> >only way to get out of it is to kill both the bash shells.
> 
> Unfortunately, this scenario works fine for me.
> 
> Also, I would really appreciate it if you use the latest snapshot for
> yor tests.  There is a 19990818 snapshot and there should be one tonight
> as well.
> 
> cgf
> 


I installed August 19th snapshot and problem disappeared.
I was the snapshot from first week of August.
I assume, strace is not needed now because with August 19th Snapshot
I could not reproduce it myself?

Suhaib

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Chris Faylor]

On Thu, Aug 19, 1999 at 06:55:13AM -0400, Suhaib Siddiqi wrote:
>
>
>> The philosophy was that we could get real ownership and real executable
>> bits and real UNIX permissions.  I also thought it would be nice to have
>> a multi-user NT system where people couldn't routinely kill each others'
>> processes.  I asked Corinna for this and she spent a lot of time on it.
>>
>
>Thanks, I understand now :-)
>
>> I can understand why you don't want to use it.  Just turn if off.
>
>I had it turnedd off.  However the proc_info_signal 1000 kill still kep
>poping up, though not as often as it used to before (til July's last week
>snapshots).  Mostly I see this message (proc_info_signal 1000)
>when MAKE finishes compilation job.

You're going to have to provide an actual error message, Suhaib.
The string proc_info_signal does not show up anywhere in cygwin.

There is a proc_info structure and a sig_send function.  The sig_send
function could emit errors in some situations.  This is probably what
you're seeing and is probably what we need to track down.

cgf

>>If you still are having problems then they're probably not due to
>>ntsec.  There's probably a bug in cygwin from something *I've* done.

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

>
> I'm really interested in this xfree port but I'm sure that I can't help.
> My knowledge in graphics software algorithms is very restricted. I'm
> _really_ happy that I'm able to use MFC (and Quickdraw on the Mac in
> these "early days") though I don't use it with pleasure. Unfortunately
> I never had a big chance to learn X. My private tries were stuck in
> programming a Motif "Hello, World" clone :-))

The graphic stuff had already been taken care.  What I need, a help in
writing a device driver for Windows.  I have zero knowledge on devices
drivers, therefore I had asked a couple of other dvelopers i know to help me
out to complete the Xfree86 port.

>
> > [...]
> > > - Are the choosen security settings adequate?
> >
> > At least a brief overview on Cygwin Web pages would help.
>
> That was one of the reasons for publishing the document: It describes
> the
> settings that are made, especially the deverging settings for the admin
> group. Did you read the document? Comments?


Oh, I am sorry, I must have missed it.  I would try to find it in Cygwin
archives and read it carefully.

Regards
Suhaib

>
> > [...]
> > Sorry, cannot contribute patches for it.  I have a very limited
> knowledge on
> > security code you wrote ;-)
>
> See above :-)
>
> Regards,
> Corinna
>
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe@sourceware.cygnus.com
>


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

FW: Description of the new 'ntsec' feature

[Suhaib M. Siddiqi]

> Jim & Jenn Dumser wrote:
> > [...]
> > It would help to know exactly when these features were added to the
> > snapshots. I grabbed 990815 since it was the latest, but many programs
> > (vim, etc.) just core dump with it. (I'm running NT4 SP5.)
> > [...]
>
> It's part of the snapshots since 25-May. If you think that the ntsec
> feature is the reason for the core dumps you have two choices:
>
> - Send me an strace
> - set CYGWIN=nontsec

In my hands NTSEC had been very annoying.  I get all the time those
pinfo_proc kill at 1000 blah blah.

I did not understand the philosophy behind NTSEC.  Cygwin is a development
tool
not a multiuser UNIX login system, thus I am not sure implementing all the
UNIX
traditional security features would be helpfull for development tools.

Suhaib


>
> I'm using ntsec since I begun to develop it (since mid of January) and
> I'm using vim, too. I don't have any core dump with it. This should not
> imply, that I believe, ntsec is error free! Moreover, ntsec is a widely
> discussable feature and it will not be useful for everyone.
>
> Regards,
> Corinna
>
>
>
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe@sourceware.cygnus.com
>


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Corinna Vinschen]

Chris Faylor wrote:
> On Wed, Aug 18, 1999 at 09:20:36PM -0400, Suhaib M. Siddiqi wrote:
> > [...]
> >In my hands NTSEC had been very annoying.  I get all the time those
> >pinfo_proc kill at 1000 blah blah.
> >
> >I did not understand the philosophy behind NTSEC.  Cygwin is a
> >development tool not a multiuser UNIX login system, thus I am not sure
> >implementing all the UNIX traditional security features would be
> >helpfull for development tools.
> 
> The philosophy was that we could get real ownership and real executable
> bits and real UNIX permissions.  I also thought it would be nice to have
> a multi-user NT system where people couldn't routinely kill each others'
> processes.  I asked Corinna for this and she spent a lot of time on it.

Another problem was: A cygwin process that was started via service
manager (inetd) and it's child process (telnetd, sshd, etc) couldn't
be killed with cygwin tools (kill). So I spent time to look over NT
security to solve this problem, which was a developers problem.

Note, that you are _able_ to work with cygwin as if you work in
the mentioned multiuser UNIX system. Moreover it's possible to
_develop_ with other persons in the same cygwin environment on
the same workstation together. Why not supporting this with a
suitable security model?

> I can understand why you don't want to use it.  Just turn if off.  If
> you still are having problems then they're probably not due to ntsec.
> There's probably a bug in cygwin from something *I've* done.

And there's probably a bug in ntsec, too. I hope that some people are
willing, to give ntsec a try. It works "for me" but I'm not able to
see all consequences in my environment, so I need feedback. 
If nobody would test your XFree porting results you would have a
far bigger problem, isn't it?

The main items are:
- Are there real bugs?
- Are the choosen security settings adequate?
- Should the settings for administrators better be as in NT itself?
- How is it possible to do convenient without /etc/passwd and
  /etc/group?

And, last but not least: Patches are gratefully accepted ;-)

Regards,
Corinna


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Chris Faylor]

On Thu, Aug 19, 1999 at 08:51:51PM -0400, Suhaib M. Siddiqi wrote:
>> >Sorry Chris, my poor memory of remembering the exact langauge.
>> I did post a
>> >cut and pawst later in responbse to Corinna's post.
>> >If you have not received it, please let me know, I will report it.
>>
>> Yes, I saw it.  Sorry.  I've been in rush mode lately and have made the
>> mistake of not reading the complete thread before responding more than
>> once.
>>
>> If you could do this:
>>
>> strace -f -ostrace.out bash
>>
>> and then try to duplicate that error, it would be immensely useful.
>> The strace.out file may be enough to pinpoint what's going wrong.
>
>Will send you strace report tomorrow, directly.  I have snapshot only on my
>Office
>computer.  Though I know how to reproduce the problem.  This is the
>scenario:
>
>I have SET CYGWIN=nonetsec in my cygwin.bat file.
>
>Open one bash shell, and kill a process, leave the bash shell open.
>
>Open a second bash shell and type ls or anything other command, except
>cd, it goes in that endless cylcle of error messages I posted.  The
>only way to get out of it is to kill both the bash shells.

Unfortunately, this scenario works fine for me.

Also, I would really appreciate it if you use the latest snapshot for
yor tests.  There is a 19990818 snapshot and there should be one tonight
as well.

cgf

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Emanuele Aliberti]

>The graphic stuff had already been taken care.  What I need, a help in
>writing a device driver for Windows.  I have zero knowledge on devices
>drivers, therefore I had asked a couple of other dvelopers i know to help 
>me
>out to complete the Xfree86 port.

If your target is w95 and WNT4, you should write two different drivers. If 
your target is W98 and W2K, it may be needed to write only one (WDM: Windows 
Driver Model), but I am not sure. For WNT4, try asking in the ros-kernel 
mailing list ( http://www.reactos.com/ ). AFAIK, we are actually the only ones 
on the net trying to use the --subsystem:native with gcc/ld (mingw32). 
(Anyone else: please contact us! We have some troubles...).


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Chris Faylor]

On Sun, Aug 22, 1999 at 05:49:16PM +0200, Emanuele Aliberti wrote:
>>The philosophy was that we could get real ownership and real executable
>>bits and real UNIX permissions.
>
>Does it use the POSIX_SEMANTICS flag when managing files stored in ntfs 
>volumes? Doesn't it run the x-ed image in the NT's native POSIX server?

No.

-chris

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Chris Faylor]

On Wed, Aug 18, 1999 at 09:20:36PM -0400, Suhaib M. Siddiqi wrote:
>> > [...]
>> > It would help to know exactly when these features were added to the
>> > snapshots. I grabbed 990815 since it was the latest, but many programs
>> > (vim, etc.) just core dump with it. (I'm running NT4 SP5.)
>> > [...]
>>
>> It's part of the snapshots since 25-May. If you think that the ntsec
>> feature is the reason for the core dumps you have two choices:
>>
>> - Send me an strace
>> - set CYGWIN=nontsec
>
>In my hands NTSEC had been very annoying.  I get all the time those
>pinfo_proc kill at 1000 blah blah.
>
>I did not understand the philosophy behind NTSEC.  Cygwin is a
>development tool not a multiuser UNIX login system, thus I am not sure
>implementing all the UNIX traditional security features would be
>helpfull for development tools.

The philosophy was that we could get real ownership and real executable
bits and real UNIX permissions.  I also thought it would be nice to have
a multi-user NT system where people couldn't routinely kill each others'
processes.  I asked Corinna for this and she spent a lot of time on it.

I can understand why you don't want to use it.  Just turn if off.  If
you still are having problems then they're probably not due to ntsec.
There's probably a bug in cygwin from something *I've* done.

cgf

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Chris Faylor]

On Thu, Aug 19, 1999 at 12:34:52PM -0400, Suhaib Siddiqi wrote:
>> >snapshots).  Mostly I see this message (proc_info_signal 1000)
>> >when MAKE finishes compilation job.
>>
>> You're going to have to provide an actual error message, Suhaib.
>> The string proc_info_signal does not show up anywhere in cygwin.
>>
>> There is a proc_info structure and a sig_send function.  The sig_send
>> function could emit errors in some situations.  This is probably what
>> you're seeing and is probably what we need to track down.
>
>
>Sorry Chris, my poor memory of remembering the exact langauge.  I did post a
>cut and pawst later in responbse to Corinna's post.
>If you have not received it, please let me know, I will report it.

Yes, I saw it.  Sorry.  I've been in rush mode lately and have made the
mistake of not reading the complete thread before responding more than
once.

If you could do this:

strace -f -ostrace.out bash

and then try to duplicate that error, it would be immensely useful.
The strace.out file may be enough to pinpoint what's going wrong.

-chris

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

> >I installed August 19th snapshot and problem disappeared.
> >I was the snapshot from first week of August.
> >I assume, strace is not needed now because with August 19th Snapshot
> >I could not reproduce it myself?
>
> That's right.  It's good to hear that the problem disappeared.
>
> -chris

Ok, now I have new errors.  I am getting console open error
while compiling DDD 3.1.6.
They also appear when i type make install.

If it is not correct, please edit USERINFO and re-compile.

/cygnus/CYGWIN~4/H-I586~1/bin/sh ./config-info ./USERINFO USERINFO >
configinfo.
C~ && \
mv configinfo.C~ configinfo.C
c++  -DHAVE_CONFIG_H -O2 -g   -fpermissive -felide-constructors -fconserve-s
pace
 -trigraphs -c -I. -I. -I./.. -I/cygnus/cygwin-b20/X11R6.4/include -o
configinfo
.o configinfo.C
    0       0 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/cpp.exe 7443 fhandler_console::de_linearize: error opening console
after ex
ec, Win32 error 0
    0   67742 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/cpp 7443 fhandler_console::de_linearize: error opening console after
exec,
Win32 error 6
32336  100078 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/cpp 7443 fhandler_console::de_linearize: error opening console after
exec,
Win32 error 6
    0       0 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/cc1plus.exe 7444 fhandler_console::de_linearize: error opening console
afte
r exec, Win32 error 0
    0   32345 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/cc1plus 7444 fhandler_console::de_linearize: error opening console
after ex
ec, Win32 error 6
32177   64522 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/cc1plus 7444 fhandler_console::de_linearize: error opening console
after ex
ec, Win32 error 6
    0       0 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/../../../../i586-cygwin32/bin/as.exe 7445
fhandler_console::de_linearize: e
rror opening console after exec, Win32 error 0
    0   32819 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/../../../../i586-cygwin32/bin/as 7445 fhandler_console::de_linearize:
error
 opening console after exec, Win32 error 6
32427   65246 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/../../../../i586-cygwin32/bin/as 7445 fhandler_console::de_linearize:
error
 opening console after exec, Win32 error 6


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Chris Faylor]

On Fri, Aug 20, 1999 at 09:14:00AM -0400, Suhaib Siddiqi wrote:
>> Also, I would really appreciate it if you use the latest snapshot for
>> yor tests.  There is a 19990818 snapshot and there should be one tonight
>> as well.
>
>I installed August 19th snapshot and problem disappeared.
>I was the snapshot from first week of August.
>I assume, strace is not needed now because with August 19th Snapshot
>I could not reproduce it myself?

That's right.  It's good to hear that the problem disappeared.

-chris

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Mumit Khan]

Corinna Vinschen <corinna@vinschen.de> writes:
> > Did you check how POSIX security is emulated in the Interix subsystem
> > against NT's security?

Interix is "special" since it uses its own subsystem, and has the added
advantage of running on NT only. I don't believe looking at Interix is
that productive. A more comparable implementation in this regard is AT&T 
UWIN, and it does go to some length to handle permission and so on (via 
two services on NT, and somewhat braindead on Win9x).

> No. It's a "clean room implementation". I don't want to look how it's
> solved in other systems but I want to hear discussions and opinions
> how to do our own implementation.

That's the best way, especially when it comes implementing proprietary
interfaces as well as emulating proprietary implementations.

Regards,
Mumit


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

> > you still are having problems then they're probably not due to ntsec.
> > There's probably a bug in cygwin from something *I've* done.
>
> And there's probably a bug in ntsec, too. I hope that some people are
> willing, to give ntsec a try. It works "for me" but I'm not able to
> see all consequences in my environment, so I need feedback.
> If nobody would test your XFree porting results you would have a
> far bigger problem, isn't it?

I agree.  At the present time, I am down to only 2 people support for Xfree,
myself and John Fortin.  All the Cygwin (9 users) who were willing to help
and contribute have backed off.  i guess after looking at 100 MB of source
code and a lot of Assembly code in xfree/os-support
most of them decided to take off instead of attempting to play with 10s MB
of Assembly code.

>
> The main items are:
> - Are there real bugs?

I really do not know.  But I kept getting this *proc_info_signal 1000 ...*
mostly after MAKE finishes the compilation job.  Sometimes
I get bash hanged if I try to kill a process.  I tried
CYGWIN=nontsec and without nontsec.

> - Are the choosen security settings adequate?

At least a brief overview on Cygwin Web pages would help.

> - Should the settings for administrators better be as in NT itself?
> - How is it possible to do convenient without /etc/passwd and
>   /etc/group?
>
> And, last but not least: Patches are gratefully accepted ;-)

Sorry, cannot contribute patches for it.  I have a very limited knowledge on
security code you wrote ;-)

>
> Regards,
> Corinna
>
>
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe@sourceware.cygnus.com
>


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Emanuele Aliberti]

>The philosophy was that we could get real ownership and real executable
>bits and real UNIX permissions.

Does it use the POSIX_SEMANTICS flag when managing files stored in ntfs 
volumes? Doesn't it run the x-ed image in the NT's native POSIX server?


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Corinna Vinschen]

Suhaib Siddiqi wrote:
> [...]
> I agree.  At the present time, I am down to only 2 people support for Xfree,
> myself and John Fortin.  All the Cygwin (9 users) who were willing to help
> and contribute have backed off.  i guess after looking at 100 MB of source
> code and a lot of Assembly code in xfree/os-support
> most of them decided to take off instead of attempting to play with 10s MB
> of Assembly code.

I'm really interested in this xfree port but I'm sure that I can't help.
My knowledge in graphics software algorithms is very restricted. I'm
_really_ happy that I'm able to use MFC (and Quickdraw on the Mac in
these "early days") though I don't use it with pleasure. Unfortunately
I never had a big chance to learn X. My private tries were stuck in
programming a Motif "Hello, World" clone :-))

> [...]
> > - Are the choosen security settings adequate?
> 
> At least a brief overview on Cygwin Web pages would help.

That was one of the reasons for publishing the document: It describes
the
settings that are made, especially the deverging settings for the admin
group. Did you read the document? Comments? 

> [...]
> Sorry, cannot contribute patches for it.  I have a very limited knowledge on
> security code you wrote ;-)

See above :-)

Regards,
Corinna

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

> >snapshots).  Mostly I see this message (proc_info_signal 1000)
> >when MAKE finishes compilation job.
>
> You're going to have to provide an actual error message, Suhaib.
> The string proc_info_signal does not show up anywhere in cygwin.
>
> There is a proc_info structure and a sig_send function.  The sig_send
> function could emit errors in some situations.  This is probably what
> you're seeing and is probably what we need to track down.
>
> cgf


Sorry Chris, my poor memory of remembering the exact langauge.  I did post a
cut and pawst later in responbse to Corinna's post.
If you have not received it, please let me know, I will report it.

Regards


>
> >>If you still are having problems then they're probably not due to
> >>ntsec.  There's probably a bug in cygwin from something *I've* done.
>


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib M. Siddiqi]

> >
> >Sorry Chris, my poor memory of remembering the exact langauge.
> I did post a
> >cut and pawst later in responbse to Corinna's post.
> >If you have not received it, please let me know, I will report it.
>
> Yes, I saw it.  Sorry.  I've been in rush mode lately and have made the
> mistake of not reading the complete thread before responding more than
> once.
>
> If you could do this:
>
> strace -f -ostrace.out bash
>
> and then try to duplicate that error, it would be immensely useful.
> The strace.out file may be enough to pinpoint what's going wrong.
>
> -chris

Chris,

Will send you strace report tomorrow, directly.  I have snapshot only on my
Office
computer.  Though I know how to reproduce the problem.  This is the
scenario:

I have SET CYGWIN=nonetsec in my cygwin.bat file.

Open one bash shell, and kill a process, leave the bash shell open.

Open a second bash shell and type ls or anything other command, except cd,
it goes
in that endless cylcle of error messages I posted.  The only way to get
out of it is to kill both the bash shells.

Suhaib

>
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe@sourceware.cygnus.com
>


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Corinna Vinschen]

Emanuele Aliberti wrote:
> 
> >- Are the choosen security settings adequate?
> >- Should the settings for administrators better be as in NT itself?
> >- How is it possible to do convenient without /etc/passwd and
> >   /etc/group?
> Did you check how POSIX security is emulated in the Interix subsystem
> against NT's security?

No. It's a "clean room implementation". I don't want to look how it's
solved in other systems but I want to hear discussions and opinions
how to do our own implementation.

Corinna


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Emanuele Aliberti]

>- Are the choosen security settings adequate?
>- Should the settings for administrators better be as in NT itself?
>- How is it possible to do convenient without /etc/passwd and
>   /etc/group?
Did you check how POSIX security is emulated in the Interix subsystem 
against NT's security?


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Mumit Khan]

Corinna Vinschen <corinna@vinschen.de> writes:
> > Did you check how POSIX security is emulated in the Interix subsystem
> > against NT's security?

Interix is "special" since it uses its own subsystem, and has the added
advantage of running on NT only. I don't believe looking at Interix is
that productive. A more comparable implementation in this regard is AT&T 
UWIN, and it does go to some length to handle permission and so on (via 
two services on NT, and somewhat braindead on Win9x).

> No. It's a "clean room implementation". I don't want to look how it's
> solved in other systems but I want to hear discussions and opinions
> how to do our own implementation.

That's the best way, especially when it comes implementing proprietary
interfaces as well as emulating proprietary implementations.

Regards,
Mumit


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Corinna Vinschen]

Emanuele Aliberti wrote:
> 
> >- Are the choosen security settings adequate?
> >- Should the settings for administrators better be as in NT itself?
> >- How is it possible to do convenient without /etc/passwd and
> >   /etc/group?
> Did you check how POSIX security is emulated in the Interix subsystem
> against NT's security?

No. It's a "clean room implementation". I don't want to look how it's
solved in other systems but I want to hear discussions and opinions
how to do our own implementation.

Corinna


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Chris Faylor]

On Sun, Aug 22, 1999 at 05:49:16PM +0200, Emanuele Aliberti wrote:
>>The philosophy was that we could get real ownership and real executable
>>bits and real UNIX permissions.
>
>Does it use the POSIX_SEMANTICS flag when managing files stored in ntfs 
>volumes? Doesn't it run the x-ed image in the NT's native POSIX server?

No.

-chris

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Emanuele Aliberti]

>The graphic stuff had already been taken care.  What I need, a help in
>writing a device driver for Windows.  I have zero knowledge on devices
>drivers, therefore I had asked a couple of other dvelopers i know to help 
>me
>out to complete the Xfree86 port.

If your target is w95 and WNT4, you should write two different drivers. If 
your target is W98 and W2K, it may be needed to write only one (WDM: Windows 
Driver Model), but I am not sure. For WNT4, try asking in the ros-kernel 
mailing list ( http://www.reactos.com/ ). AFAIK, we are actually the only ones 
on the net trying to use the --subsystem:native with gcc/ld (mingw32). 
(Anyone else: please contact us! We have some troubles...).


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Emanuele Aliberti]

>- Are the choosen security settings adequate?
>- Should the settings for administrators better be as in NT itself?
>- How is it possible to do convenient without /etc/passwd and
>   /etc/group?
Did you check how POSIX security is emulated in the Interix subsystem 
against NT's security?


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Emanuele Aliberti]

>The philosophy was that we could get real ownership and real executable
>bits and real UNIX permissions.

Does it use the POSIX_SEMANTICS flag when managing files stored in ntfs 
volumes? Doesn't it run the x-ed image in the NT's native POSIX server?


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

> >I installed August 19th snapshot and problem disappeared.
> >I was the snapshot from first week of August.
> >I assume, strace is not needed now because with August 19th Snapshot
> >I could not reproduce it myself?
>
> That's right.  It's good to hear that the problem disappeared.
>
> -chris

Ok, now I have new errors.  I am getting console open error
while compiling DDD 3.1.6.
They also appear when i type make install.

If it is not correct, please edit USERINFO and re-compile.

/cygnus/CYGWIN~4/H-I586~1/bin/sh ./config-info ./USERINFO USERINFO >
configinfo.
C~ && \
mv configinfo.C~ configinfo.C
c++  -DHAVE_CONFIG_H -O2 -g   -fpermissive -felide-constructors -fconserve-s
pace
 -trigraphs -c -I. -I. -I./.. -I/cygnus/cygwin-b20/X11R6.4/include -o
configinfo
.o configinfo.C
    0       0 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/cpp.exe 7443 fhandler_console::de_linearize: error opening console
after ex
ec, Win32 error 0
    0   67742 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/cpp 7443 fhandler_console::de_linearize: error opening console after
exec,
Win32 error 6
32336  100078 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/cpp 7443 fhandler_console::de_linearize: error opening console after
exec,
Win32 error 6
    0       0 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/cc1plus.exe 7444 fhandler_console::de_linearize: error opening console
afte
r exec, Win32 error 0
    0   32345 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/cc1plus 7444 fhandler_console::de_linearize: error opening console
after ex
ec, Win32 error 6
32177   64522 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/cc1plus 7444 fhandler_console::de_linearize: error opening console
after ex
ec, Win32 error 6
    0       0 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/../../../../i586-cygwin32/bin/as.exe 7445
fhandler_console::de_linearize: e
rror opening console after exec, Win32 error 0
    0   32819 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/../../../../i586-cygwin32/bin/as 7445 fhandler_console::de_linearize:
error
 opening console after exec, Win32 error 6
32427   65246 [main]
/cygnus/CYGWIN~4/H-I586~1/bin/../lib/gcc-lib/i586-cygwin32/
2.95/../../../../i586-cygwin32/bin/as 7445 fhandler_console::de_linearize:
error
 opening console after exec, Win32 error 6


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Chris Faylor]

On Fri, Aug 20, 1999 at 09:14:00AM -0400, Suhaib Siddiqi wrote:
>> Also, I would really appreciate it if you use the latest snapshot for
>> yor tests.  There is a 19990818 snapshot and there should be one tonight
>> as well.
>
>I installed August 19th snapshot and problem disappeared.
>I was the snapshot from first week of August.
>I assume, strace is not needed now because with August 19th Snapshot
>I could not reproduce it myself?

That's right.  It's good to hear that the problem disappeared.

-chris

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

> >Will send you strace report tomorrow, directly.  I have snapshot 
> only on my
> >Office
> >computer.  Though I know how to reproduce the problem.  This is the
> >scenario:
> >
> >I have SET CYGWIN=nonetsec in my cygwin.bat file.
> >
> >Open one bash shell, and kill a process, leave the bash shell open.
> >
> >Open a second bash shell and type ls or anything other command, except
> >cd, it goes in that endless cylcle of error messages I posted.  The
> >only way to get out of it is to kill both the bash shells.
> 
> Unfortunately, this scenario works fine for me.
> 
> Also, I would really appreciate it if you use the latest snapshot for
> yor tests.  There is a 19990818 snapshot and there should be one tonight
> as well.
> 
> cgf
> 


I installed August 19th snapshot and problem disappeared.
I was the snapshot from first week of August.
I assume, strace is not needed now because with August 19th Snapshot
I could not reproduce it myself?

Suhaib

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Chris Faylor]

On Thu, Aug 19, 1999 at 08:51:51PM -0400, Suhaib M. Siddiqi wrote:
>> >Sorry Chris, my poor memory of remembering the exact langauge.
>> I did post a
>> >cut and pawst later in responbse to Corinna's post.
>> >If you have not received it, please let me know, I will report it.
>>
>> Yes, I saw it.  Sorry.  I've been in rush mode lately and have made the
>> mistake of not reading the complete thread before responding more than
>> once.
>>
>> If you could do this:
>>
>> strace -f -ostrace.out bash
>>
>> and then try to duplicate that error, it would be immensely useful.
>> The strace.out file may be enough to pinpoint what's going wrong.
>
>Will send you strace report tomorrow, directly.  I have snapshot only on my
>Office
>computer.  Though I know how to reproduce the problem.  This is the
>scenario:
>
>I have SET CYGWIN=nonetsec in my cygwin.bat file.
>
>Open one bash shell, and kill a process, leave the bash shell open.
>
>Open a second bash shell and type ls or anything other command, except
>cd, it goes in that endless cylcle of error messages I posted.  The
>only way to get out of it is to kill both the bash shells.

Unfortunately, this scenario works fine for me.

Also, I would really appreciate it if you use the latest snapshot for
yor tests.  There is a 19990818 snapshot and there should be one tonight
as well.

cgf

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib M. Siddiqi]

> >
> >Sorry Chris, my poor memory of remembering the exact langauge.
> I did post a
> >cut and pawst later in responbse to Corinna's post.
> >If you have not received it, please let me know, I will report it.
>
> Yes, I saw it.  Sorry.  I've been in rush mode lately and have made the
> mistake of not reading the complete thread before responding more than
> once.
>
> If you could do this:
>
> strace -f -ostrace.out bash
>
> and then try to duplicate that error, it would be immensely useful.
> The strace.out file may be enough to pinpoint what's going wrong.
>
> -chris

Chris,

Will send you strace report tomorrow, directly.  I have snapshot only on my
Office
computer.  Though I know how to reproduce the problem.  This is the
scenario:

I have SET CYGWIN=nonetsec in my cygwin.bat file.

Open one bash shell, and kill a process, leave the bash shell open.

Open a second bash shell and type ls or anything other command, except cd,
it goes
in that endless cylcle of error messages I posted.  The only way to get
out of it is to kill both the bash shells.

Suhaib

>
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe@sourceware.cygnus.com
>


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Chris Faylor]

On Thu, Aug 19, 1999 at 12:34:52PM -0400, Suhaib Siddiqi wrote:
>> >snapshots).  Mostly I see this message (proc_info_signal 1000)
>> >when MAKE finishes compilation job.
>>
>> You're going to have to provide an actual error message, Suhaib.
>> The string proc_info_signal does not show up anywhere in cygwin.
>>
>> There is a proc_info structure and a sig_send function.  The sig_send
>> function could emit errors in some situations.  This is probably what
>> you're seeing and is probably what we need to track down.
>
>
>Sorry Chris, my poor memory of remembering the exact langauge.  I did post a
>cut and pawst later in responbse to Corinna's post.
>If you have not received it, please let me know, I will report it.

Yes, I saw it.  Sorry.  I've been in rush mode lately and have made the
mistake of not reading the complete thread before responding more than
once.

If you could do this:

strace -f -ostrace.out bash

and then try to duplicate that error, it would be immensely useful.
The strace.out file may be enough to pinpoint what's going wrong.

-chris

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

> >snapshots).  Mostly I see this message (proc_info_signal 1000)
> >when MAKE finishes compilation job.
>
> You're going to have to provide an actual error message, Suhaib.
> The string proc_info_signal does not show up anywhere in cygwin.
>
> There is a proc_info structure and a sig_send function.  The sig_send
> function could emit errors in some situations.  This is probably what
> you're seeing and is probably what we need to track down.
>
> cgf


Sorry Chris, my poor memory of remembering the exact langauge.  I did post a
cut and pawst later in responbse to Corinna's post.
If you have not received it, please let me know, I will report it.

Regards


>
> >>If you still are having problems then they're probably not due to
> >>ntsec.  There's probably a bug in cygwin from something *I've* done.
>


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Chris Faylor]

On Thu, Aug 19, 1999 at 06:55:13AM -0400, Suhaib Siddiqi wrote:
>
>
>> The philosophy was that we could get real ownership and real executable
>> bits and real UNIX permissions.  I also thought it would be nice to have
>> a multi-user NT system where people couldn't routinely kill each others'
>> processes.  I asked Corinna for this and she spent a lot of time on it.
>>
>
>Thanks, I understand now :-)
>
>> I can understand why you don't want to use it.  Just turn if off.
>
>I had it turnedd off.  However the proc_info_signal 1000 kill still kep
>poping up, though not as often as it used to before (til July's last week
>snapshots).  Mostly I see this message (proc_info_signal 1000)
>when MAKE finishes compilation job.

You're going to have to provide an actual error message, Suhaib.
The string proc_info_signal does not show up anywhere in cygwin.

There is a proc_info structure and a sig_send function.  The sig_send
function could emit errors in some situations.  This is probably what
you're seeing and is probably what we need to track down.

cgf

>>If you still are having problems then they're probably not due to
>>ntsec.  There's probably a bug in cygwin from something *I've* done.

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

Here is the cut-and-paste of the error I mentioned.  Please note that I
opened a new bash shell and cd to /d/xc/config/cf and then typed ls X11.*
and it got into this endless cycle of lock_pinfo_for_update:.... errors that
I had to kill the bash shell.

Is this a bug in snapshot which could be related to new security feature???

Suhaib


bash-2.02$ cd /d/xc/config/cf
bash-2.02$ ls X11.*
    0       0 [main] c:\cygnus\CYGWIN~4\H-I586~1\bin\ls.exe 14916
lock_pinfo_for
_update: rc 258, Win32 error 0
    0 10024379 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error 6
10024440 20048819 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error
6
10024523 30073342 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error
6
10024394 40097736 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error
6
10027462 50125198 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error
6
10021261 60146459 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error
6
10024437 70170896 [main] ls 14916 lock_pinfo_for_update: rc 258, Win32 error
6





> -----Original Message-----
> From: Suhaib Siddiqi [ mailto:ssiddiqi@ipass.net ]
> Sent: Thursday, August 19, 1999 7:18 AM
> To: Corinna Vinschen; Cygwin@Sourceware. Cygnus. Com
> Subject: RE: FW: Description of the new 'ntsec' feature
>
>
>
> > > you still are having problems then they're probably not due to ntsec.
> > > There's probably a bug in cygwin from something *I've* done.
> >
> > And there's probably a bug in ntsec, too. I hope that some people are
> > willing, to give ntsec a try. It works "for me" but I'm not able to
> > see all consequences in my environment, so I need feedback.
> > If nobody would test your XFree porting results you would have a
> > far bigger problem, isn't it?
>
> I agree.  At the present time, I am down to only 2 people support
> for Xfree, myself and John Fortin.  All the Cygwin (9 users) who
> were willing to help and contribute have backed off.  i guess
> after looking at 100 MB of source code and a lot of Assembly code
> in xfree/os-support
> most of them decided to take off instead of attempting to play
> with 10s MB of Assembly code.
>
> >
> > The main items are:
> > - Are there real bugs?
>
> I really do not know.  But I kept getting this *proc_info_signal
> 1000 ...* mostly after MAKE finishes the compilation job.  Sometimes
> I get bash hanged if I try to kill a process.  I tried
> CYGWIN=nontsec and without nontsec.
>
> > - Are the choosen security settings adequate?
>
> At least a brief overview on Cygwin Web pages would help.
>
> > - Should the settings for administrators better be as in NT itself?
> > - How is it possible to do convenient without /etc/passwd and
> >   /etc/group?
> >
> > And, last but not least: Patches are gratefully accepted ;-)
>
> Sorry, cannot contribute patches for it.  I have a very limited
> knowledge on security code you wrote ;-)
>
> >
> > Regards,
> > Corinna
> >
> >
> > --
> > Want to unsubscribe from this list?
> > Send a message to cygwin-unsubscribe@sourceware.cygnus.com
> >


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

>
> I'm really interested in this xfree port but I'm sure that I can't help.
> My knowledge in graphics software algorithms is very restricted. I'm
> _really_ happy that I'm able to use MFC (and Quickdraw on the Mac in
> these "early days") though I don't use it with pleasure. Unfortunately
> I never had a big chance to learn X. My private tries were stuck in
> programming a Motif "Hello, World" clone :-))

The graphic stuff had already been taken care.  What I need, a help in
writing a device driver for Windows.  I have zero knowledge on devices
drivers, therefore I had asked a couple of other dvelopers i know to help me
out to complete the Xfree86 port.

>
> > [...]
> > > - Are the choosen security settings adequate?
> >
> > At least a brief overview on Cygwin Web pages would help.
>
> That was one of the reasons for publishing the document: It describes
> the
> settings that are made, especially the deverging settings for the admin
> group. Did you read the document? Comments?


Oh, I am sorry, I must have missed it.  I would try to find it in Cygwin
archives and read it carefully.

Regards
Suhaib

>
> > [...]
> > Sorry, cannot contribute patches for it.  I have a very limited
> knowledge on
> > security code you wrote ;-)
>
> See above :-)
>
> Regards,
> Corinna
>
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe@sourceware.cygnus.com
>


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Corinna Vinschen]

Suhaib Siddiqi wrote:
> [...]
> I agree.  At the present time, I am down to only 2 people support for Xfree,
> myself and John Fortin.  All the Cygwin (9 users) who were willing to help
> and contribute have backed off.  i guess after looking at 100 MB of source
> code and a lot of Assembly code in xfree/os-support
> most of them decided to take off instead of attempting to play with 10s MB
> of Assembly code.

I'm really interested in this xfree port but I'm sure that I can't help.
My knowledge in graphics software algorithms is very restricted. I'm
_really_ happy that I'm able to use MFC (and Quickdraw on the Mac in
these "early days") though I don't use it with pleasure. Unfortunately
I never had a big chance to learn X. My private tries were stuck in
programming a Motif "Hello, World" clone :-))

> [...]
> > - Are the choosen security settings adequate?
> 
> At least a brief overview on Cygwin Web pages would help.

That was one of the reasons for publishing the document: It describes
the
settings that are made, especially the deverging settings for the admin
group. Did you read the document? Comments? 

> [...]
> Sorry, cannot contribute patches for it.  I have a very limited knowledge on
> security code you wrote ;-)

See above :-)

Regards,
Corinna

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

> > you still are having problems then they're probably not due to ntsec.
> > There's probably a bug in cygwin from something *I've* done.
>
> And there's probably a bug in ntsec, too. I hope that some people are
> willing, to give ntsec a try. It works "for me" but I'm not able to
> see all consequences in my environment, so I need feedback.
> If nobody would test your XFree porting results you would have a
> far bigger problem, isn't it?

I agree.  At the present time, I am down to only 2 people support for Xfree,
myself and John Fortin.  All the Cygwin (9 users) who were willing to help
and contribute have backed off.  i guess after looking at 100 MB of source
code and a lot of Assembly code in xfree/os-support
most of them decided to take off instead of attempting to play with 10s MB
of Assembly code.

>
> The main items are:
> - Are there real bugs?

I really do not know.  But I kept getting this *proc_info_signal 1000 ...*
mostly after MAKE finishes the compilation job.  Sometimes
I get bash hanged if I try to kill a process.  I tried
CYGWIN=nontsec and without nontsec.

> - Are the choosen security settings adequate?

At least a brief overview on Cygwin Web pages would help.

> - Should the settings for administrators better be as in NT itself?
> - How is it possible to do convenient without /etc/passwd and
>   /etc/group?
>
> And, last but not least: Patches are gratefully accepted ;-)

Sorry, cannot contribute patches for it.  I have a very limited knowledge on
security code you wrote ;-)

>
> Regards,
> Corinna
>
>
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe@sourceware.cygnus.com
>


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

RE: FW: Description of the new 'ntsec' feature

[Suhaib Siddiqi]

> The philosophy was that we could get real ownership and real executable
> bits and real UNIX permissions.  I also thought it would be nice to have
> a multi-user NT system where people couldn't routinely kill each others'
> processes.  I asked Corinna for this and she spent a lot of time on it.
>

Thanks, I understand now :-)

> I can understand why you don't want to use it.  Just turn if off.

I had it turnedd off.  However the proc_info_signal 1000 kill still kep
poping up, though not as often as it used to before (til July's last week
snapshots).  Mostly I see this message (proc_info_signal 1000)
when MAKE finishes compilation job.

Suhaib

>If
> you still are having problems then they're probably not due to ntsec.
> There's probably a bug in cygwin from something *I've* done.
>
> cgf
>


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Corinna Vinschen]

Chris Faylor wrote:
> On Wed, Aug 18, 1999 at 09:20:36PM -0400, Suhaib M. Siddiqi wrote:
> > [...]
> >In my hands NTSEC had been very annoying.  I get all the time those
> >pinfo_proc kill at 1000 blah blah.
> >
> >I did not understand the philosophy behind NTSEC.  Cygwin is a
> >development tool not a multiuser UNIX login system, thus I am not sure
> >implementing all the UNIX traditional security features would be
> >helpfull for development tools.
> 
> The philosophy was that we could get real ownership and real executable
> bits and real UNIX permissions.  I also thought it would be nice to have
> a multi-user NT system where people couldn't routinely kill each others'
> processes.  I asked Corinna for this and she spent a lot of time on it.

Another problem was: A cygwin process that was started via service
manager (inetd) and it's child process (telnetd, sshd, etc) couldn't
be killed with cygwin tools (kill). So I spent time to look over NT
security to solve this problem, which was a developers problem.

Note, that you are _able_ to work with cygwin as if you work in
the mentioned multiuser UNIX system. Moreover it's possible to
_develop_ with other persons in the same cygwin environment on
the same workstation together. Why not supporting this with a
suitable security model?

> I can understand why you don't want to use it.  Just turn if off.  If
> you still are having problems then they're probably not due to ntsec.
> There's probably a bug in cygwin from something *I've* done.

And there's probably a bug in ntsec, too. I hope that some people are
willing, to give ntsec a try. It works "for me" but I'm not able to
see all consequences in my environment, so I need feedback. 
If nobody would test your XFree porting results you would have a
far bigger problem, isn't it?

The main items are:
- Are there real bugs?
- Are the choosen security settings adequate?
- Should the settings for administrators better be as in NT itself?
- How is it possible to do convenient without /etc/passwd and
  /etc/group?

And, last but not least: Patches are gratefully accepted ;-)

Regards,
Corinna


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Re: FW: Description of the new 'ntsec' feature

[Chris Faylor]

On Wed, Aug 18, 1999 at 09:20:36PM -0400, Suhaib M. Siddiqi wrote:
>> > [...]
>> > It would help to know exactly when these features were added to the
>> > snapshots. I grabbed 990815 since it was the latest, but many programs
>> > (vim, etc.) just core dump with it. (I'm running NT4 SP5.)
>> > [...]
>>
>> It's part of the snapshots since 25-May. If you think that the ntsec
>> feature is the reason for the core dumps you have two choices:
>>
>> - Send me an strace
>> - set CYGWIN=nontsec
>
>In my hands NTSEC had been very annoying.  I get all the time those
>pinfo_proc kill at 1000 blah blah.
>
>I did not understand the philosophy behind NTSEC.  Cygwin is a
>development tool not a multiuser UNIX login system, thus I am not sure
>implementing all the UNIX traditional security features would be
>helpfull for development tools.

The philosophy was that we could get real ownership and real executable
bits and real UNIX permissions.  I also thought it would be nice to have
a multi-user NT system where people couldn't routinely kill each others'
processes.  I asked Corinna for this and she spent a lot of time on it.

I can understand why you don't want to use it.  Just turn if off.  If
you still are having problems then they're probably not due to ntsec.
There's probably a bug in cygwin from something *I've* done.

cgf

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

FW: Description of the new 'ntsec' feature

[Suhaib M. Siddiqi]

> Jim & Jenn Dumser wrote:
> > [...]
> > It would help to know exactly when these features were added to the
> > snapshots. I grabbed 990815 since it was the latest, but many programs
> > (vim, etc.) just core dump with it. (I'm running NT4 SP5.)
> > [...]
>
> It's part of the snapshots since 25-May. If you think that the ntsec
> feature is the reason for the core dumps you have two choices:
>
> - Send me an strace
> - set CYGWIN=nontsec

In my hands NTSEC had been very annoying.  I get all the time those
pinfo_proc kill at 1000 blah blah.

I did not understand the philosophy behind NTSEC.  Cygwin is a development
tool
not a multiuser UNIX login system, thus I am not sure implementing all the
UNIX
traditional security features would be helpfull for development tools.

Suhaib


>
> I'm using ntsec since I begun to develop it (since mid of January) and
> I'm using vim, too. I don't have any core dump with it. This should not
> imply, that I believe, ntsec is error free! Moreover, ntsec is a widely
> discussable feature and it will not be useful for everyone.
>
> Regards,
> Corinna
>
>
>
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe@sourceware.cygnus.com
>


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com