Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT sourceware DOT cygnus DOT com>
List-Archive: <http://sourceware.cygnus.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sourceware DOT cygnus DOT com>
List-Help: <mailto:cygwin-help AT sourceware DOT cygnus DOT com>,
	<http://sourceware.cygnus.com/ml/#faqs>
Sender: cygwin-owner AT sourceware DOT cygnus DOT com
Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com
Message-ID: <37BBE00F.280418C5@vinschen.de>
Date: Thu, 19 Aug 1999 12:44:31 +0200
From: Corinna Vinschen <corinna AT vinschen DOT de>
X-Mailer: Mozilla 4.6 [en] (WinNT; I)
X-Accept-Language: de,en
MIME-Version: 1.0
To: "Cygwin AT Sourceware. Cygnus. Com" <cygwin AT sourceware DOT cygnus DOT com>
CC: ssiddiqi AT ipass DOT net
Subject: Re: FW: Description of the new 'ntsec' feature
References: <LOBBLPGIHMIEGBEAFDMCAEJGCAAA DOT ssiddiqi AT inspirepharm DOT com> <19990819000442 DOT B9980 AT cygnus DOT com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Chris Faylor wrote:
> On Wed, Aug 18, 1999 at 09:20:36PM -0400, Suhaib M. Siddiqi wrote:
> > [...]
> >In my hands NTSEC had been very annoying.  I get all the time those
> >pinfo_proc kill at 1000 blah blah.
> >
> >I did not understand the philosophy behind NTSEC.  Cygwin is a
> >development tool not a multiuser UNIX login system, thus I am not sure
> >implementing all the UNIX traditional security features would be
> >helpfull for development tools.
> 
> The philosophy was that we could get real ownership and real executable
> bits and real UNIX permissions.  I also thought it would be nice to have
> a multi-user NT system where people couldn't routinely kill each others'
> processes.  I asked Corinna for this and she spent a lot of time on it.

Another problem was: A cygwin process that was started via service
manager (inetd) and it's child process (telnetd, sshd, etc) couldn't
be killed with cygwin tools (kill). So I spent time to look over NT
security to solve this problem, which was a developers problem.

Note, that you are _able_ to work with cygwin as if you work in
the mentioned multiuser UNIX system. Moreover it's possible to
_develop_ with other persons in the same cygwin environment on
the same workstation together. Why not supporting this with a
suitable security model?

> I can understand why you don't want to use it.  Just turn if off.  If
> you still are having problems then they're probably not due to ntsec.
> There's probably a bug in cygwin from something *I've* done.

And there's probably a bug in ntsec, too. I hope that some people are
willing, to give ntsec a try. It works "for me" but I'm not able to
see all consequences in my environment, so I need feedback. 
If nobody would test your XFree porting results you would have a
far bigger problem, isn't it?

The main items are:
- Are there real bugs?
- Are the choosen security settings adequate?
- Should the settings for administrators better be as in NT itself?
- How is it possible to do convenient without /etc/passwd and
  /etc/group?

And, last but not least: Patches are gratefully accepted ;-)

Regards,
Corinna


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com