Mailing-List:	contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Unsubscribe:	<mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT sourceware DOT cygnus DOT com>
List-Subscribe:	<mailto:cygwin-subscribe AT sourceware DOT cygnus DOT com>
List-Archive:	<http://sourceware.cygnus.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT sourceware DOT cygnus DOT com>
List-Help:	<mailto:cygwin-help AT sourceware DOT cygnus DOT com>, <http://sourceware.cygnus.com/ml/#faqs>
Sender:	cygwin-owner AT sourceware DOT cygnus DOT com
Delivered-To:	mailing list cygwin AT sourceware DOT cygnus DOT com
From:	"Kai Henningsen" <kai AT cats DOT ms>
Organization:	Spuentrup CTI
To:	Kai Henningsen <kai AT cats DOT ms>, "Charles S. Wilson" <cwilson AT ece DOT gatech DOT edu>
Date:	Thu, 7 Oct 1999 11:05:57 +0200
MIME-Version:	1.0
Subject:	Re: not updating unwritable cache ../config.cache
CC:	cygwin AT sourceware DOT cygnus DOT com
X-Confirm-Reading-To:	"Kai Henningsen" <kai AT cats DOT ms>
X-pmrqc:	1
In-reply-to:	<37FB6FF7.2838013E@ece.gatech.edu>
X-mailer:	Pegasus Mail for Win32 (v3.12a)
Message-Id:	<E11Z9Ur-0003qG-00@charlotte.intern.cats.ms>
X-MIME-Autoconverted:	from Quoted-printable to 8bit by delorie.com id FAA02726

On 6 Oct 99, at 11:51, Charles S. Wilson wrote:

> #513 is "None" in english.) I believe you have discovered a *different*
> problem, which is a bug. Echo doesn't seem to check permissions. If you
> do a 

Huh?! Echo (rather, bash) _should not_ check permissions. It 
should just try to do what it's told to do.

> if [ -w test ]; then echo writable; else echo non-writable; fi
> 
> you should see the results I described.

Well yes, and _that_ is the bug. 

Under Unix, this is typically done with supplementary groups (from our server:  
$ id
uid=1000(kai) gid=1000(kai) groups=1000(kai),20(dialout),33(www-data),50(staff),102(entwicklung),104(everyone)
$
), but of course that isn't _exactly_ what NT does. 

The usual solution (even under Unix) is that most accesses just try 
and see if the kernel lets them through, and stuff like test uses 
access() which maps, again, to a system call so the kernel 
determines if the access in question is possible. The stat() results 
should only ever be used for security outside the kernel in 
extraordinary circumstances.

Of course, cygwin _could_ define parts of newlib as kernel, but in 
this particular case, that seems pointless. Security that only works 
for programs compiled with cygwin seems futile.

On the other hand, I don't know what the Win32 analog to access() 
would be. Maybe the only choice is to actually try to open the file 
(except for the existence test, of course).

> > > 2) Don't do things as a member of the Administrators group member. Use a
> > > normal user account.
> > 
> > It's the only one I have.
> 
> However, if you have administrator priveleges, then you can certainly
> create a normal user account. If you *choose* not to do this, that is
> your right and your decision. 

If I create a different account, then NT will keep me from important 
applications, I'll have trouble getting at my mail, I'll have trouble 
mapping network drives, ...

Not really unsolvable, but a _huge_ amount of work.


Regards - Kai Henningsen

-- 
http://www.cats.ms
Spuentrup CTI       Fon: +49 251 322311 0  
Windbreede 12       Fax: +49 251 322311 99
D-48157 Münster     Mob: +49 161 3223111
Germany             GSM: +49 171 7755060

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com

- Raw text -