Mail Archives: cygwin/2016/03/04/10:43:35

Date: Fri, 4 Mar 2016 16:43:07 +0100 (CET)
From: akikij AT free DOT fr
To: cygwin AT cygwin DOT com
Message-ID: <550385091.121913198.1457106187258.JavaMail.root@zimbra93-e16.priv.proxad.net>
In-Reply-To: <2119166713.121814507.1457103633265.JavaMail.root@zimbra93-e16.priv.proxad.net>
Subject: Issues with ACL settings after updating to the latest cygwin.dll - correction

Hi,
I have the various problems you have with this new NULL SID DENY security right added to some files.
Sometimes Windows also can't access the files concerned.
It considers the security rights unordered and I have to sort them before continuing.
It's too difficult for me to help you correct the problem.
I only give leads to correct the effects and return to a clean situation.

I have a solution to list all the files concerned in a directory tree:
#!/bin/bash
#	List on stdout objects with DENY
if [ $# -eq 0 ] ; then echo "Usage $0 path" ; exit 1 ; fi
cd "$1" || { echo "Bad path" ; exit 1; }
# Walk the tree, skipping "." and the Windows system folders
find . |grep -v -E '^\.$|RECYCLE.BIN|RECYCLER|System Volume Information'|while IFS= read -r i
do	#echo "$i"
	1>&2 echo -en "$i\\r" #to see progression
	j=$(cygpath "$i")
	c=$(2>/dev/null cacls "$j" /L)
	if [ $? -ne 0 ] ; then
		# cacls failed: report it unless the object is a symbolic link
		s=$(file "$i"|grep 'symbolic link to')
		if [ -z "$s" ] ; then echo "not found $j" ; fi
		continue
	fi
	# Keep the whole cacls output when it has a NULL SID deny entry
	s=$(echo "$c"|grep -i 'NULL SID:(DENY)')
	if [ -n "$s" ] ; then
		echo "$c"
	fi
done |tee /tmp/1

Here I use /tmp/1 as a buffer. I can edit it before submitting it to the next solution.
It's safer for the moment.

I have another solution to patch the security items contained in this buffer (here /tmp/1):
#!/bin/bash
#	Patch objects recognized having NULL SID right
#	one to one - with icacls - exit at the 1st error
ws=/tmp/NULSID	#root name for 2 temporary files, .org .new as suffixes
# Lines that start with a drive letter carry the object path
grep '^.:' /tmp/1|while read -r i ; do
	j=$(echo "$i"|sed 's/ NULL SID.*//')
	echo "	chg $j"
	corg="$ws.org"
	cnew="$ws.new"
	icacls "$j" /save "$(cygpath -w "$corg")" || exit 1
	#edit with null char temporarily replaced
	#(tr works on bytes, so '£' must be a single byte in the current locale)
	cat "$corg"|tr '\0' '£'|sed -e '1 s/.*/.£/' -e 's/(£D[^)]*)£//g'|tr '£' '\0' > "$cnew"
	icacls "$j" /restore "$(cygpath -w "$cnew")" || exit 1
done

This solution is not complete, but it is usable for me now. I find many problems in the cygwin system
 (more than 3000 in /bin /lib ...)
I am not confident about leaving this problem with ACLs. Some files are concerned, others are not.
I want a more deterministic function for the cygwin system.
Maybe an upgrade of all project data is necessary before using these new ACL functionalities.

Sorry for my English

Regards
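
The sed expression in the second script above matches any ACE that begins with `(D`, whatever its trustee. The following is an added example, not part of the original post, that narrows the filter to deny ACEs for the NULL SID only. It assumes the saved SDDL writes the NULL SID as S-1-0-0 and that the icacls /save file is UTF-16LE; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): remove only the deny ACEs whose
# trustee is the NULL SID from SDDL text; every other ACE is left untouched.

# SDDL ACE: (type;flags;rights;object_guid;inherit_object_guid;trustee)
# Type "D" is access-denied; S-1-0-0 is the SID string of the NULL SID.
ACE_RE='[(]D;[^;()]*;[^;()]*;[^;()]*;[^;()]*;S-1-0-0[)]'

# Filter SDDL lines from stdin to stdout.
strip_null_sid_deny() {
	sed -E "s/$ACE_RE//g"
}

# Print how many NULL SID deny ACEs the SDDL on stdin contains.
count_null_sid_deny() {
	awk -v pat="$ACE_RE" '{ n += gsub(pat, "") } END { print n + 0 }'
}

# Read decoded "icacls /save" text (assumed layout: object name and SDDL on
# alternating lines) and print the names that carry a NULL SID deny ACE.
list_affected() {
	awk -v pat="$ACE_RE" '
		NR % 2 == 1 { name = $0; next }
		$0 ~ pat    { sub(/\r$/, "", name); print name }'
}

# filter_saved_acl IN OUT: same filter applied to a saved ACL file.
# Assumption: the file is UTF-16LE, which the NUL-byte handling in the
# post's script suggests; names and line endings pass through unchanged.
filter_saved_acl() {
	iconv -f UTF-16LE -t UTF-8 "$1" | strip_null_sid_deny |
		iconv -f UTF-8 -t UTF-16LE > "$2"
}

# Constructed sample: one NULL SID deny ACE, one unrelated deny ACE, two allows.
SAMPLE_SDDL='D:PAI(D;;0xd0000;;;S-1-0-0)(A;;FA;;;BA)(D;;WD;;;S-1-5-32-546)(A;;0x1200a9;;;WD)'

printf '%s\n' "$SAMPLE_SDDL" | strip_null_sid_deny
```

Running count_null_sid_deny or list_affected on the saved text before any /restore shows how many entries, and which objects, the filter would change.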

