| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; q=dns; s= | |
| default; b=PhcoeDcuxtkBuvRrweTThMSBm180MbG0ehLF3ki7hjAzXcHcDL99t | |
| TnCpfRsd7b73PnJoqdZWn+/TFDVhk/NE+kdFlucckO5eNXfILQ0wxcZknQlsELo5 | |
| nmNFnNEMEg1/6En72I5X/omUjTjM+mQIsK2VhTpXPu9rtMwLVCM8rk= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; s=default; | |
| bh=T/7Hn0Puh1BYJqi9SNP6qwcBunU=; b=amV0rhCZDCfcnku1CjbiJo52dxv1 | |
| jm2hThS1HJNmkXerXgcxunCAGU2mlGZWHZ0l0PSmXvgc1pDyEHAOVbFh7i4bEtxz | |
| 0bnuBdqG2Zh+LyAxxCBVcNBiblXboWpQwqwvMaNjUwqkQJviV6r1Jw+SbE5KTix2 | |
| cCiEd3jgw7yewn4= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-6.0 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2 |
| X-HELO: | calimero.vinschen.de |
| Date: | Thu, 13 Feb 2014 17:05:30 +0100 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: get rid of getpwent? (Was: cygwin-1.7.28 getpwent header declaration changes ?) |
| Message-ID: | <20140213160530.GK2246@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <52FABAF5 DOT 2060701 AT etr-usa DOT com> <52FAD730 DOT 9090507 AT redhat DOT com> <20140212090804 DOT GM2821 AT calimero DOT vinschen DOT de> <52FB9E51 DOT 7030607 AT cornell DOT edu> <20140212195931 DOT GA2246 AT calimero DOT vinschen DOT de> <20140212213729 DOT GA5589 AT ednor DOT casa DOT cgf DOT cx> <20140213100025 DOT GB24159 AT calimero DOT vinschen DOT de> <20140213143541 DOT GC6750 AT ednor DOT casa DOT cgf DOT cx> <20140213144419 DOT GI2246 AT calimero DOT vinschen DOT de> <20140213154333 DOT GA6304 AT ednor DOT casa DOT cgf DOT cx> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <20140213154333.GA6304@ednor.casa.cgf.cx> |
| User-Agent: | Mutt/1.5.21 (2010-09-15) |
--3MHXEHrrXKLGx71o Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Feb 13 10:43, Christopher Faylor wrote: > On Thu, Feb 13, 2014 at 03:44:19PM +0100, Corinna Vinschen wrote: > >Yes, I think so too. I have some preliminary code (actually, just > >empty function shells right now) which are supposed to implement > >full enumerating. > > > >However, system admins might not exactly approve. I discussed this > >with our Linux folks, and I learned that NSS backends like SSSD or > >winbind default to NOT allowing enumerating, but giving the admin a > >choice to enable it. > > > >So I think for our case a configuration option in /etc/nsswitch.conf > >to limit the scope of the enumeration might be feasible. >=20 > Or, nscd.conf which has stuff like: >=20 > enable-cache passwd yes > positive-time-to-live passwd 600 > negative-time-to-live passwd 20 > suggested-size passwd 211 > check-files passwd yes > persistent passwd yes > shared passwd yes > max-db-size passwd 33554432 > auto-propagate passwd yes I know that nsswitch.conf is not quite the right place for the configuration variables, but I was reluctant to introduce YA file to read at startup. If nobody cares, we can also go with a limited nscd.conf approach for the configuration variables. > I understand why a sysadmin might not want you to be able to enumerate > user names but that really isn't, IMO, a reason not to implement the > functionality (not that you are proposing this). You obviously can't > assume that people won't exercise the capability if it is available. >=20 > Security through obscurity...? Nah. Nah. But restricting the capability for pure networking reasons is on order, IMHO. Assuming that Cygwin has been setup by an admin and the /etc files are not writable by the ordinary user, of course. Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --3MHXEHrrXKLGx71o Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJS/O1KAAoJEPU2Bp2uRE+giTgP/0D5AzDC3ux7yGgm2iM0qpcv B4s3jc79KvqLuJG3AfDkYxukOyaik1A0KvPx8p+b9OvzpdqwrQSeKQ9i8GiTvM3p zcV6j12M2es01jthMJJI5tgW/SyhLO7fpCSwutt0f9r1h1oIbTcesPGYLK5NtGWr 2HD9Tkfn1fcbkg7pWVtkXdLo3F3EEtSqcV+p4Yj3Mbgxs/aN2NtfXTEwdHUbPjdB gqtsVwTqi/YSnuwRL3Ve6fRl0h46+AiOAMC8y5uhhrdnlLu/tfn59oxfDuGzvkfq hoaW625RAgJ8+Z7Fq7uJOH+/dh68nPX04jUCQ/TydSbhYuLdtiEmkNNSel3Pbhr7 MYeZIzQYW+HN1cRF4lq1lgyDbQLrM6PDsohoyQMwcGbJuhMGKAzsWNOvpQW+SMhm H5A8xpkffw4Ef/x2+xFVcU5SzaZNqwogQMItFdZ8n86Msu0zhKY4zT9xUsAjM8V9 +Szo3c8YTCcJGa01pC/bFMToWg5yf99yNHGE0KfSSpt6vle0kiC7CuNPyJAnxvQB qeUk+0l3sBCvi+ra+cKveaqyKSSfv9YBDzmHZyH6TvKccWh+fR/N6NDyLT78GknP ZMSwcMtFBjORO7lQyBAU199KV7eT2tyUYTZE6HuDFPUjorU+q9PjxtTs8cSm1HOX +hugZsOmbBLa4gDB1n+u =Vw3s -----END PGP SIGNATURE----- --3MHXEHrrXKLGx71o--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |