Mail Archives: cygwin/2010/01/04/21:09:00

Message-ID: <4B429E75.7040606@cygwin.com>
Date: Mon, 04 Jan 2010 21:05:41 -0500
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.21) Gecko/20090320 Remi/2.0.0.21-1.fc8.remi Lightning/0.9 Thunderbird/2.0.0.21 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: 1.7.1: problem with public key authentication on domain accounts
References: <18e742db1001041142j5322d164t2a83f2a3ef0138d4 AT mail DOT gmail DOT com> <loom DOT 20100105T001743-66 AT post DOT gmane DOT org> <4B427F97 DOT 6030806 AT cygwin DOT com> <loom DOT 20100105T020640-981 AT post DOT gmane DOT org>
In-Reply-To: <loom.20100105T020640-981@post.gmane.org>

On 01/04/2010 08:29 PM, Thomas Nisbach wrote:
> Larry Hall (Cygwin) <reply-to-list-only-lh<at>cygwin.com> writes:
>
>>
>> On 01/04/2010 06:18 PM, Thomas Nisbach wrote:
>>> Bob Burger <burgerrg<at>gmail.com> writes:
>>> ....
>>> Any ideas?
>>
>> Are you using LSA?  Have you read the security sections of the Users Guide?
>> <http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview>
>>
>
> I just read a lot in the guide, since it was hardly recommended before
> updating to 1.7.1-1. After reading the security section I am quite sure I
> never ran cyglsa-config (/bin/cyglsa also does not exist).

There's probably very little reason to not go the "cyglsa" route, other than
the fact that ssh-host-config doesn't configure 'sshd' to use it. ;-)  It
might even be the panacea for all those who are used to running 'sshd' on
Linux where special permissions aren't necessary and it's common to run it as
'root' (Administrator in Windows is the pseudo equivalent) from a command
line, at least for debugging.  This has caused many a problem for these people
on Cygwin because you cannot do this and easily get it to work afterward.
You're in this boat.  You either need to start over from scratch (i.e. remove
Cygwin and install again) or you need to go through 'ssh-host-config' and make
sure your permissions/ownerships are set the way it would set them.

>>> PS: I stopped Google Desktop (known as application from BLODA list), but
>>> this was not the problem.
>>
>> BLODA is often not removed from having an effect without uninstalling the
>> offending package.  I can't say whether that's a requirement for Google
>> Desktop however.
>>
> There was a thread at Google
> (http://groups.google.com/group/Google-Desktop_Something-Broken/browse_thread/thread/0dabf807fbdf2d7f)
> I participated in. We found that in Google Desktop v5.8 the additional
> preloading of DLLs into any app's memory corrupted cygrunsrv (probably at
> fork()). Stopping GD and renaming the regkey
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
> was enough to make cygrunsrv/sshd running - no
> deinstallation/reboot was necessary. This was exactly what I've done this
> time - even I now run GD v5.9, which operated fine with cygrunsrv/sshd until I
> updated to CYGWIN v1.7.1.

Yep, that's fine.  Removing the DLL injection is enough here.  Deinstallation
gets you that by default but isn't a requirement.

> Additionally I found a problem with /var/empty permissions when using SSH
> privilege separation (also worked before). Even when I chmod 711 /var/empty,
> create a 'root' user and chown root:root /var/empty I get '/var/empty must be
> owned by root and not group or world-writable'. I entertain suspicion that
> there happened something stupid with the filesystem permissions for processes
> running as SYSTEM and/or background process...

See the comments I made above about "cyglsa" and 'root'.  In this case, 'root',
or its relative Windows equivalent, 'Administrators', is not what you want.
'SYSTEM' is what you want (on XP, cygserver is what you want for later Windows
versions).


-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?
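
The two conditions named in the '/var/empty must be owned by root and not group or world-writable' message quoted above can be checked directly from a shell. This is an added example, not part of the original message: the function name `check_privsep_dir` is hypothetical, GNU `stat` (as shipped in coreutils) is assumed, and the expected owner is passed as an argument, for instance SYSTEM as the reply suggests.

```shell
#!/bin/sh
# Added example, not from the thread. check_privsep_dir is a hypothetical
# helper; it assumes GNU stat (coreutils).
#
# Usage: check_privsep_dir DIR EXPECTED_OWNER
# Returns 0 if DIR is a real directory (not a symlink), is owned by
# EXPECTED_OWNER, and has neither the group-write nor the world-write bit set.
# Otherwise prints every failed condition and returns 1.
check_privsep_dir() {
    dir=$1
    want_owner=$2

    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: missing, not a directory, or a symlink"
        return 1
    fi

    # %U = owner name, %a = permission bits in octal (e.g. 711)
    owner=$(stat -c '%U' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1

    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "$dir: owned by '$owner', expected '$want_owner'"
        rc=1
    fi

    # The leading 0 makes the shell read the mode as octal.
    # 022 is the mask for group-write (020) plus world-write (002).
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$dir: mode $mode is group- or world-writable"
        rc=1
    fi

    return $rc
}

# When run as a script with two arguments, check that directory,
# e.g.:  sh check_privsep_dir.sh /var/empty SYSTEM
if [ $# -ge 2 ]; then
    check_privsep_dir "$1" "$2"
fi
```
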
