From: "Kai Henningsen" <kai@cats.ms>
To: Kai Henningsen <kai@cats.ms>,
	"Charles S. Wilson" <cwilson@ece.gatech.edu>
Cc: cygwin@sourceware.cygnus.com
Subject: Re: not updating unwritable cache ../config.cache
Date: Thu, 07 Oct 1999 02:10:00 -0000
Message-ID: <E11Z9Ur-0003qG-00@charlotte.intern.cats.ms>
In-Reply-To: <37FB6FF7.2838013E@ece.gatech.edu>

On 6 Oct 99, at 11:51, Charles S. Wilson wrote:

> #513 is "None" in English.) I believe you have discovered a *different*
> problem, which is a bug. Echo doesn't seem to check permissions. If you
> do a

Huh?! Echo (rather, bash) _should not_ check permissions. It
should just try to do what it's told to do.

> if [ -w test ]; then echo writable; else echo non-writable; fi
>
> you should see the results I described.

Well yes, and _that_ is the bug.

Under Unix, this is typically done with supplementary groups (from our server:
$ id
uid=1000(kai) gid=1000(kai) groups=1000(kai),20(dialout),33(www-data),50(staff),102(entwicklung),104(everyone)
$
), but of course that isn't _exactly_ what NT does.

The usual solution (even under Unix) is that most accesses just try
and see if the kernel lets them through, and stuff like test uses
access() which maps, again, to a system call so the kernel
determines if the access in question is possible. The stat() results
should only ever be used for security outside the kernel in
extraordinary circumstances.

Of course, cygwin _could_ define parts of newlib as kernel, but in
this particular case, that seems pointless. Security that only works
for programs compiled with cygwin seems futile.

On the other hand, I don't know what the Win32 analog to access()
would be. Maybe the only choice is to actually try to open the file
(except for the existence test, of course).

> > > 2) Don't do things as a member of the Administrators group. Use a
> > > normal user account.
> >
> > It's the only one I have.
>
> However, if you have administrator privileges, then you can certainly
> create a normal user account. If you *choose* not to do this, that is
> your right and your decision.

If I create a different account, then NT will keep me from important
applications, I'll have trouble getting at my mail, I'll have trouble
mapping network drives, ...

Not really unsolvable, but a _huge_ amount of work.


Regards - Kai Henningsen

--
http://www.cats.ms
Spuentrup CTI       Fon: +49 251 322311 0
Windbreede 12       Fax: +49 251 322311 99
D-48157 Münster     Mob: +49 161 3223111
Germany             GSM: +49 171 7755060
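
The difference described in the message above, as an added C example that is not part of the original post: a guess made from stat() mode bits is compared with access() and with simply trying open(). The function names, the scratch path under /tmp and the two test modes (0020, 0444) are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed naive check: guess writability from stat() mode bits alone,
 * ignoring who is asking (owner class, supplementary groups, privilege). */
static int writable_by_stat(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0)
        return 0;
    return (st.st_mode & (S_IWUSR | S_IWGRP | S_IWOTH)) != 0;
}

/* Let the kernel decide (access() checks the real, not effective, IDs). */
static int writable_by_access(const char *path) {
    return access(path, W_OK) == 0;
}
/* Just try the operation; this is the answer that actually counts. */
static int writable_by_open(const char *path) {
    int fd = open(path, O_WRONLY);
    if (fd >= 0)
        close(fd);
    return fd >= 0;
}

/* Create a scratch file with the given mode and return a bitmask:
 * bit 0 = stat guess, bit 1 = access(), bit 2 = open(); -1 on setup error. */
int probe(mode_t mode) {
    char path[] = "/tmp/access_demo_XXXXXX";   /* constructed scratch path */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (fchmod(fd, mode) != 0) { close(fd); unlink(path); return -1; }
    close(fd);
    int r = writable_by_stat(path) | (writable_by_access(path) << 1)
          | (writable_by_open(path) << 2);
    unlink(path);
    return r;
}

int main(void) {
    mode_t modes[] = { 0020, 0444 };
    for (int i = 0; i < 2; i++) {
        int r = probe(modes[i]); if (r < 0) return 1;
        printf("mode %04o: stat=%d access=%d open=%d\n",
               (unsigned)modes[i], r & 1, (r >> 1) & 1, (r >> 2) & 1);
    }
    return 0;
}
```

For an unprivileged owner the 0020 file has a write bit set yet the kernel refuses the write; for root the 0444 file has no write bit yet the kernel allows it. In both cases access() and open() agree with each other and the mode-bit guess is the one that is wrong.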
