Mail Archives: cygwin/2014/07/17/16:25:15

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
From: "D. Boland" <daniel AT boland DOT nl>
Subject: Re: Minires truncates host names
Date: Thu, 17 Jul 2014 22:29:07 +0200
Lines: 89
Message-ID: <53C83213.580EEB62@boland.nl>
References: <028c01cf9974$ad507120$07f15360$@alum.mit.edu> <53C8129A DOT 1BA76E49 AT boland DOT nl> <20140717182302 DOT GR15332 AT calimero DOT vinschen DOT de>
Mime-Version: 1.0
X-IsSubscribed: yes

Hi Corinna,

Corinna Vinschen wrote:
> 
> On Jul 17 20:14, D. Boland wrote:
> > Hi Pierre,
> >
> > "Pierre A. Humblet" wrote:
> > >
> > > You are right, there is a bug in res_querydomain,
> > > Line 737 *(ptr++ - 1) = '.';   should be
> > > *ptr++ = '.';
> > >
> > > I would also add a debug printf at the top of the function:
> > > DPRINTF(statp->options & RES_DEBUG, "querydomain \"%s\"  \"%s\" type %d\n",
> > > Name, DomName, Type);
> > >
> > > Unfortunately I am not set up to build Cygwin so I can't test the above nor
> > > submit a proper patch.
> >
> > Just letting you know how it went with the Resolver (miniedit). The error, pointed
> > out by you, solved the problem.
> 
> Did you read my previous reply?  Do *not* use the minires lib.  Use the
> Cygwin resolver.  There's no minires lib on 64 bit anymore and the 32
> bit runtime minires is only maintained for backward compatibility.

Yes, I read it. I just don't like to swap my current Cygwin DLL. I will test it
properly on a fresh Cygwin system on another computer. When will the fix be released?

> > Now I have an even bigger problem. Sendmail works perfectly. But only on my XP
> > machine. As of Windows Vista, MS decided to remove certain privileges from the
> > SYSTEM user.
> 
> You might have to read the user's manual in the long run ;)
> 
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview

I did read it. Very well written, I might add. It looked very complicated at first
but when I read it, it made my problem very clear.

> Other services are set up so that they use another account called
> cyg_server.  See, for instance, how ssh-host-config helps an admin to
> set this up.  The csih package helper script is lending you a hand when
> creating such service installer scripts.  See also
> 
> https://cygwin.com/faq/faq.html#faq.using.sshd-in-domain

I must say, I am not a big fan of this csih thang. It totally obfuscates what I am
doing with my Cygwin server as an administrator. Also, it creates the "cyg_server"
user, which just mimics what the SYSTEM user used to do. Maybe it should have been
called "root"?

The SYSTEM user was/is also regarded as the root user by other software from the
Unix world. It's in the procmail source code (#define ROOT_uid 18).

I searched for MS's position on this issue. I found this article:

http://technet.microsoft.com/en-us/library/bb457125.aspx

In the section about the SeTcbPrivilege, which the "cyg_server" user needs to log in
as another user, it reads:

---------------------
The default settings are taken from the Windows XP Professional Local Computer
policy.

Act as part of the operating system (SeTcbPrivilege)

Allows a process to assume the identity of any user and thus gain access to the
resources that the user is authorized to access. Typically, only low-level
authentication services require this privilege.

Default setting: Not assigned.

Note that potential access is not limited to what is associated with the user by
default; the calling process might request that arbitrary additional privileges be
added to the access token. The calling process might also build an access token that
does not provide a primary identity for tracking events in the audit log.

When a service requires this privilege, configure the service to log on using the
Local System account, which has the privilege inherently. Do not create a separate
account and assign the privilege to it.
-----------------

I cannot believe that MS just disabled this privilege in the newer Windows versions,
without providing an alternative. So now I'm trying the LocalService user...

Daniel
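
The one-character fix quoted at the top of this message, as an added example that is not part of the original post and is not the minires source: `join_fqdn`, `FQDN_MAX` and the host names are hypothetical, constructed to show why storing the dot through `ptr++ - 1` yields a truncated name while `*ptr++` does not.

```c
#include <stdio.h>
#include <string.h>

#define FQDN_MAX 256  /* assumed buffer size for this sketch */

/* Join name and domain as "name.domain" into out (FQDN_MAX bytes).
 * buggy != 0 uses the store quoted in the thread, otherwise the fix.
 * Returns 0 on success, -1 if the result would not fit. */
static int join_fqdn(char *out, const char *name, const char *domain, int buggy)
{
    size_t nlen = strlen(name), dlen = strlen(domain);
    char *ptr;

    /* Reserve room for name, an optional '.', domain and the NUL. */
    if (nlen + 1 + dlen + 1 > FQDN_MAX)
        return -1;

    memcpy(out, name, nlen + 1);   /* out[nlen] now holds the terminator */
    ptr = out + nlen;

    if (nlen && ptr[-1] != '.') {
        if (buggy)
            /* Writes '.' over the last character of name and steps ptr
             * past the NUL, so the string still ends at out[nlen]. */
            *(ptr++ - 1) = '.';
        else
            /* Replaces the NUL with '.', leaving name intact. */
            *ptr++ = '.';
    }
    memcpy(ptr, domain, dlen + 1); /* append domain plus terminator */
    return 0;
}

int main(void)
{
    char fqdn[FQDN_MAX];

    /* Constructed sample input. */
    join_fqdn(fqdn, "mail", "example.com", 1);
    printf("buggy: %s\n", fqdn);
    join_fqdn(fqdn, "mail", "example.com", 0);
    printf("fixed: %s\n", fqdn);
    return 0;
}
```

In the buggy variant the domain is still copied into the buffer, but it sits behind the surviving terminator, so every consumer of the string sees only the shortened host name followed by a dot.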

