X-Spam-Check-By: sourceware.org
To: cygwin@cygwin.com
From: Shankar Unni <shankarunni@netscape.net>
Subject:  Re: Vista & coreutils (or any other package)
Date:  Thu, 14 Dec 2006 09:46:44 -0800
Lines: 32
Message-ID: <els2m3$7jr$1@sea.gmane.org>
References:  <20061214152631.GK9829@calimero.vinschen.de> <45818407.981D73E7@dessent.net>
Mime-Version:  1.0
Content-Type:  text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding:  7bit
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.8) Gecko/20061025 Thunderbird/1.5.0.8 Mnenhy/0.7.3.0
In-Reply-To: <45818407.981D73E7@dessent.net>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

Brian Dessent wrote:

> The manifest route is pretty simple, you just create an .xml file, then
> refer to it in a resource file, and then windres does the rest.  

But in cases like this, we really *don't* want to run with elevated 
privileges - if I'm "install"ing to /tmp, I definitely don't want to 
raise my privileges needlessly and potentially set up a security risk 
somewhere. (Admittedly this is an unlikely scenario, but...)

Also, you want an *unprivileged* user to be able to run install to an 
unprivileged location, and such a manifest won't help (because that user 
won't ever be able to raise their privileges without knowing an 
administrator password).

Perhaps if we did this (cygwin-specific hack) instead?

* Rename "install.exe" to "inst-all.exe" (or something that won't trip 
Vista's braindamage)
* Supply a one-line "install" shell script to exec inst-all.

* And then, in turn, we could provide an option to "install" to hack 
other packages' installations of executions named "xxxinstallxxx.exe", 
etc., to use this subterfuge and create the script and renamed execute 
on the fly in the install location.

(I.e. when you run

   /usr/bin/install [--maybe-some-option] myupdate /usr/bin

"install" would actually copy myupdate.exe to /usr/bin/myup-date.exe, 
and create a /usr/bin/myupdate shell script to invoke myup-date.)


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/