From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Kai Henningsen" To: Kai Henningsen , "Charles S. Wilson" Cc: cygwin@sourceware.cygnus.com Subject: Re: not updating unwritable cache ../config.cache Date: Thu, 07 Oct 1999 02:10:00 -0000 Message-id: References: <37FB6FF7.2838013E@ece.gatech.edu> X-SW-Source: 1999-10/msg00101.html On 6 Oct 99, at 11:51, Charles S. Wilson wrote: > #513 is "None" in english.) I believe you have discovered a *different* > problem, which is a bug. Echo doesn't seem to check permissions. If you > do a Huh?! Echo (rather, bash) _should not_ check permissions. It should just try to do what it's told to do. > if [ -w test ]; then echo writable; else echo non-writable; fi > > you should see the results I described. Well yes, and _that_ is the bug. Under Unix, this is typically done with supplementary groups (from our server: $ id uid=1000(kai) gid=1000(kai) groups=1000(kai),20(dialout),33(www-data),50(staff),102(entwicklung),104(everyone) $ ), but of course that isn't _exactly_ what NT does. The usual solution (even under Unix) is that most accesses just try and see if the kernel lets them through, and stuff like test uses access() which maps, again, to a system call so the kernel determines if the access in question is possible. The stat() results should only ever be used for security outside the kernel in extraordinary circumstances. Of course, cygwin _could_ define parts of newlib as kernel, but in this particular case, that seems pointless. Security that only works for programs compiled with cygwin seems futile. On the other hand, I don't know what the Win32 analog to access() would be. Maybe the only choice is to actually try to open the file (except for the existence test, of course). > > > 2) Don't do things as a member of the Administrators group member. Use a > > > normal user account. > > > > It's the only one I have. > > However, if you have administrator priveleges, then you can certainly > create a normal user account. If you *choose* not to do this, that is > your right and your decision. If I create a different account, then NT will keep me from important applications, I'll have trouble getting at my mail, I'll have trouble mapping network drives, ... Not really unsolvable, but a _huge_ amount of work. Regards - Kai Henningsen -- http://www.cats.ms Spuentrup CTI Fon: +49 251 322311 0 Windbreede 12 Fax: +49 251 322311 99 D-48157 Münster Mob: +49 161 3223111 Germany GSM: +49 171 7755060 -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe@sourceware.cygnus.com From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Kai Henningsen" To: Kai Henningsen , "Charles S. Wilson" Cc: cygwin@sourceware.cygnus.com Subject: Re: not updating unwritable cache ../config.cache Date: Sun, 31 Oct 1999 19:54:00 -0000 Message-ID: References: <37FB6FF7.2838013E@ece.gatech.edu> X-SW-Source: 1999-10n/msg00101.html Message-ID: <19991031195400.ciKHzwWZRCXE9gwIVb4r9XYCDEIN_isJ6dw6D5DtXPM@z> On 6 Oct 99, at 11:51, Charles S. Wilson wrote: > #513 is "None" in english.) I believe you have discovered a *different* > problem, which is a bug. Echo doesn't seem to check permissions. If you > do a Huh?! Echo (rather, bash) _should not_ check permissions. It should just try to do what it's told to do. > if [ -w test ]; then echo writable; else echo non-writable; fi > > you should see the results I described. Well yes, and _that_ is the bug. Under Unix, this is typically done with supplementary groups (from our server: $ id uid=1000(kai) gid=1000(kai) groups=1000(kai),20(dialout),33(www-data),50(staff),102(entwicklung),104(everyone) $ ), but of course that isn't _exactly_ what NT does. The usual solution (even under Unix) is that most accesses just try and see if the kernel lets them through, and stuff like test uses access() which maps, again, to a system call so the kernel determines if the access in question is possible. The stat() results should only ever be used for security outside the kernel in extraordinary circumstances. Of course, cygwin _could_ define parts of newlib as kernel, but in this particular case, that seems pointless. Security that only works for programs compiled with cygwin seems futile. On the other hand, I don't know what the Win32 analog to access() would be. Maybe the only choice is to actually try to open the file (except for the existence test, of course). > > > 2) Don't do things as a member of the Administrators group member. Use a > > > normal user account. > > > > It's the only one I have. > > However, if you have administrator priveleges, then you can certainly > create a normal user account. If you *choose* not to do this, that is > your right and your decision. If I create a different account, then NT will keep me from important applications, I'll have trouble getting at my mail, I'll have trouble mapping network drives, ... Not really unsolvable, but a _huge_ amount of work. Regards - Kai Henningsen -- http://www.cats.ms Spuentrup CTI Fon: +49 251 322311 0 Windbreede 12 Fax: +49 251 322311 99 D-48157 Münster Mob: +49 161 3223111 Germany GSM: +49 171 7755060 -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe@sourceware.cygnus.com