Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
X-Envelope-Sender-Is: Andrej DOT Borsenkow AT mow DOT siemens DOT ru (at relayer goliath.siemens.de)
From: "Andrej Borsenkow" <Andrej DOT Borsenkow AT mow DOT siemens DOT ru>
To: <cygwin AT sourceware DOT cygnus DOT com>
Subject: RE: mount points and inetd
Date: Tue, 19 Sep 2000 11:37:16 +0400
Message-ID: <000101c0220c$6f3e26f0$21c9ca95@mow.siemens.ru>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <4.3.2.7.0.20000918192249.00e48400@pop.bresnanlink.net>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal


>
> At 16:09 9/18/00 -0400, DJ Delorie wrote:
> >I've also heard rumors that system mounts can't even be *used* by an
> >account that doesn't have admin privs (does cygwin read the mounts
> >with a read/write key, or a read-only key?).
>
> not sure about 9x, but for NT4 users of class *GUEST* can use
> system mounts just fine. (you've got to enable a policy to even
> allow this class of user to login first if you wanna test that.)
> so *any* user that can login can use them.
>

It was me, who passed this rumor around :-)

Please, NT4 != WinNT.

Look at permissions for HKLM\Software on NT4. They inlclude (by default) at
least "Set value" and "Create subkey" for everybody. That means, that anybody
can create Cygiwn mount points here, including Guest.

Under Win2k HKLM\Software is read-only by default (except for Administrators
and System. Power users have special access). Cygwin *does* read mounts with
requested Read/Write permissions. That fails under Win2k unless user is
administrator (default install assumed).

Win9x  has no security anyway, so it cannot possibly fail here.

> >Otherwise, if a consensus can be reached about what the best
> >(i.e. safest) overall defaults are, it's easy to change.  Note that
> >setup won't change your system if it's doing an upgrade; it defaults
> >to whatever you had before.
>
> My suggestion would be to assign /, /usr/bin, and /usr/lib as
> system; as without them stuff stops working as soon as you load
> the cygwin dll under an unusual user. (i.e. inetd)
>

That would fail under Win2k. I just tested it.

-andrej


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com