From: "Karsten Fleischer" <K.Fleischer@omnium.de>
To: <cygwin@cygwin.com>
Subject: RE: ksh on cygwin
Date: Thu, 10 Jan 2002 17:11:00 -0000
Message-ID: <DIENLECHGMDAEJHGMEBCIEALCBAA.K.Fleischer@omnium.de>
In-Reply-To: <20020110183618.GD26493@redhat.com>
> >>OK, more detailed. I allow only absolute paths in $SHELL and don't
> >>allow any *csh. If superuser then only shells from [/usr][/local]/bin
> >>are considered trusted shells. If not superuser shells from other
> >>directories are allowed, but if uid != euid or gid != egid the shell
> >>and the directory where it resides must not be writable. Fall back
> >>value is /bin/sh.
> >
> >But, uhm, what exactly is a `superuser' from your point of view? We
> >don't have that concept except for SYSTEM as _the_ user which is able
> >to change user context w/o changing security policies. And on 9x/Me...
>
> It sounds like all of this is pretty non-standard, AFAICT. I can see
> why you'd do something like this but I don't think there is any reason
> to divert cygwin in this direction at this point in its life. It's
> a pretty major change.

It's not a major change.

SUSv2 doesn't say that you have to use /bin/sh for a shell. It even says
that $SHELL can name the user's favorite shell.

I know that you always have trouble with users who copy /bin/bash to
/bin/sh, it's a monthly issue on the mailing list. My patch would solve this
in an easy way.

Regarding the security issues, as Corinna pointed out there's no "superuser"
with uid == 0, so the things I proposed above can be dropped.

Karsten