Mail Archives: cygwin/2014/11/17/20:59:09

X-Recipient: archive-cygwin AT delorie DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2
X-HELO: mail6.worldispnetwork.com
Message-ID: <546AA4AF.1090807@shaddybaddah.name>
Date: Tue, 18 Nov 2014 12:45:19 +1100
From: Shaddy Baddah <lithium-cygwin AT shaddybaddah DOT name>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Icedove/24.7.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: rebase db perms seem too restrictive
References: <5469682A DOT 6090501 AT shaddybaddah DOT name> <20141117092600 DOT GB3151 AT calimero DOT vinschen DOT de>
In-Reply-To: <20141117092600.GB3151@calimero.vinschen.de>
X-IsSubscribed: yes

Hi,

On 17/11/14 20:26, Corinna Vinschen wrote:
> On Nov 17 14:14, Shaddy Baddah wrote:
>> Hi,
>>
>> I expect that there wasn't any explicit reasoning behind this, but
>> rebase creates a db with permissions that are too restrictive. To me
>> anyway, as I cannot see any danger in the db being readable by all.
>>
>> This snippet describes it:
>>
>> <snip>
>> $ whoami
>> sbaddah
>> $ od -c /etc/rebase.db.x86_64
>> od: /etc/rebase.db.x86_64: Permission denied
>> $ ls -l /etc/rebase.db.x86_64
>> -rw-rw---- 1 portapps None 86020 Nov 11 15:34 /etc/rebase.db.x86_64
>> </snip>
>>
>> I've attached an untested patch that would allow at least world readable
>> perms. It would be appreciated if it was applied :-)
>>
>> --
>> Regards,
>> Shaddy
>
>> diff --git a/rebase.c b/rebase.c
>> index 9504a48..a078e1d 100644
>> --- a/rebase.c
>> +++ b/rebase.c
>> @@ -288,7 +288,7 @@ mkstemp (char *name)
>>   {
>>     return _open (mktemp (name),
>>         O_RDWR | O_BINARY | O_CREAT | O_EXCL | O_TRUNC | _O_SHORT_LIVED,
>> -      _S_IREAD|_S_IWRITE);
>> +      _S_IREAD|_S_IWRITE|S_IRGRP|S_IROTH);
>>   }
>>   #endif
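Review bot: The new mode argument to `_open` in this `mkstemp` replacement adds `S_IRGRP|S_IROTH` at creation time, so the temporary file would be group- and world-readable from the moment it exists, before its content is complete; keep creation at `_S_IREAD|_S_IWRITE` and widen the permissions once, after the file has been fully written. The hunk also mixes the underscore-prefixed `_S_IREAD|_S_IWRITE` constants with the POSIX `S_IRGRP|S_IROTH` names, and the trailing `#endif` shows this function is compiled only conditionally, so check that the POSIX names are defined in that configuration and that this branch is the one built for the platform where the permission problem was seen.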
>
> That won't work.  Check the surrounding #ifdef's.  The mkstemp
> replacement function is only called when building rebase for Mingw.  If
> it's called on Cygwin, it uses Cygwin's implementation of mkstemp,
> which follows the (security) lead of other POSIX systems and creates
> the files with 0600 permissions.  After the file got written, the
> permissions are changed, see lines 358ff.

Sorry, yes I missed that. In any case, I withdraw the patch.

The initial trigger for my request was that the
/usr/lib/perl5/5.14/ExtUtils/MM_Cygwin.pm distributed with perl causes a
cpan/MakeMaker installation to run rebase -s against a built shared
library.

Now I use Perl/cpan local::lib
(http://search.cpan.org/~haarg/local-lib-2.000014/lib/local/lib.pm).
That means my modules get built under my user, which is distinct from
the "software administrator" user (portapps), who owns the db file.

So initially, the rebase command was failing on the rebase on read
perms. However, even with that corrected, rebase -s will want to update
the db, which requires write perms.

The db file location isn't really configurable, and even if it was,
imagining an optimal setup for an installation with the potential for
multiple users building and running their own shared libraries is a
complex mess. There is no perfect world with rebase.

To that end, it is better that the db file is just writeable by the
"software administrator" so that "rebase" services are only sorted out
for the actual Cygwin install. Users would then be required to go it
alone if they need to rebase their built executables/shared libs.

And in any case, subsequent MM_Cygwin.pm modules no longer include
rebase, suggesting to me that someone's perhaps come to the same
conclusion. If you build your own stuff, you sort out rebasing.

-- 
Regards,
Shaddy


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
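
The sequence described in the quoted reply above (create the file with mkstemp at 0600, write it, then change the permissions), as an added C example that is not rebase's own code. The names `publish_file` and `mode_of`, the 0664 final mode and the file path are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical helper: write `len` bytes to `path` through a private temp
   file, widen the permissions to `final_mode` only once the content is
   complete, then rename into place. Returns the permission bits the temp
   file had at creation (0600 with a POSIX mkstemp), or -1 on failure. */
int publish_file(const char *path, const void *buf, size_t len, mode_t final_mode)
{
    char tmp[4096];
    struct stat st;
    int n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;

    int fd = mkstemp(tmp);              /* O_CREAT|O_EXCL, owner-only access */
    if (fd < 0)
        return -1;

    int created = (fstat(fd, &st) == 0) ? (int)(st.st_mode & 0777) : -1;

    const char *p = buf;
    size_t left = len;
    while (created >= 0 && left > 0) {
        ssize_t w = write(fd, p, left);
        if (w < 0) { created = -1; break; }
        p += w;
        left -= (size_t)w;
    }
    /* fchmod sets the mode exactly; the process umask does not apply here. */
    if (created >= 0 && fchmod(fd, final_mode) != 0)
        created = -1;
    if (close(fd) != 0)
        created = -1;
    if (created >= 0 && rename(tmp, path) != 0)
        created = -1;
    if (created < 0)
        unlink(tmp);                    /* never leave a partial file behind */
    return created;
}

/* Permission bits of `path`, or -1 if it cannot be stat'ed. */
int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}
```

Readers of the final path never see a partially written file, and other users gain read access only at the `fchmod` step.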
