Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <20010918000605.71544.qmail@web14509.mail.yahoo.com>
Date: Mon, 17 Sep 2001 17:06:05 -0700 (PDT)
From: Ian Sidle
Subject: cygwin (rm -rf) ignores windows2000 security
To: cygwin AT cygwin DOT com
Cc: macmouse4 AT yahoo DOT com

Rather interesting...

I am helping set up a lab of Windows 2000 machines, for programming. We previously were using Linux/Unix machines but the district is FORCING us to use Windows 2000... although they don't have the equipment needed for the move. So we are still using the Linux servers via telnet. ::deep sigh:: Don't get me started...

Anyway, a perhaps semi-evil solution would be to use Cygwin. Specifically for gcc programming, and we can use the JDK from Sun with the built-in stuff (and inside Cygwin as well, for those who want vi, etc.). Using Cygwin would be MUCH more preferred (not to mention cheaper, less training, work, etc.) than using Borland...

So I've been setting up an image which we would then put on the machines. On it I install Java, Win2k updates, etc. Then I put Cygwin on (as administrator).

I had inadvertently stumbled across the problem when I had forgotten I wasn't administrator. Cygwin (I presume) runs as the user "administrator". So any security measures that apply to him are open. Although when trying to go to a protected directory I get a permission denied as expected.

I have done several experiments to find out what it has been doing...

So I can delete files that are in the home directory just fine. I can also go to the "c" drive by "cd C:". I had created several files and a folder at C:/test_folder/ and inside it had (test1 through 4 .txt).
Then I manually set the folder to ONLY be used by "administrator" with full access. I can't cd into the directory, but I can delete files with "rm -rf". Although using just plain rm does not work. With rm -rf, I get the "permission denied" error, but it still deletes the file.

Also, interestingly, I made a directory that was C:/test2. I had it so it was only administrator once again, but gave admin only read access. So I can't delete it with rm -rf.

When I try to delete/modify a file on a network server, it gets the access denied. This is probably obvious, for it has to have a user authenticated.

This is a BIG security hole and I suggest it be fixed ASAP. Although it's not that big of a deal (only local file systems), and we can just reimage the machines. This could be a big problem for someone else. Also especially since management might want to push some more, and have NO Linux machines (would take a lot more pushing to get there) and have all files local. Then everyone's hard work coding can get toasted in one quick sweep.

Let me know what can be done about it, how this works, etc. I don't know C++ (I can probably read it and find out what's going on) but can't really "code" (that's why I'm in the class), but I'll help out with what I can.

thanks
Ian