Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: cygwin (rm -rf)  ignores windows2000 security
X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0
Date: Tue, 18 Sep 2001 09:59:59 +1000
Message-ID: <EA18B9FA0FE4194AA2B4CDB91F73C0EF08F187@itdomain002.itdomain.net.au>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: cygwin (rm -rf)  ignores windows2000 security
Thread-Index: AcE/1CRemfgVZ92pSfKR/ZqSZJ/0DAAAJI+Q
From: "Robert Collins" <robert DOT collins AT itdomain DOT com DOT au>
To: "Ian Sidle" <macmouse4 AT yahoo DOT com>, <cygwin AT cygwin DOT com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id UAA08336

My 2c is that the c:/ directory still has everyone:full. That will allow
anyuse with or without cygwin to delete all child directories. (deleting
a file requires write to the directory it is in, deleting a directory
requires write to the directory above.)

Rob

> -----Original Message-----
> From: Ian Sidle [mailto:macmouse4 AT yahoo DOT com]
> Sent: Tuesday, September 18, 2001 10:06 AM
> To: cygwin AT cygwin DOT com
> Cc: macmouse4 AT yahoo DOT com
> Subject: cygwin (rm -rf) ignores windows2000 security
> 
> 
> Rather interesting...
> 
> I am helping setup a lab of windows 2000 machines, for
> programming. We previously were using linux/unix
> machines but the district is FORCING us to use windows
> 2000... although they don't have the equipment needed
> for the move.. So we are still using the linux servers
> via telnet.. ::deep sigh:: don't get me started...
> 
> Anyway, as a perhaps semi-evil solution would be to
> use cygwin. Specifically for gcc programming, and can
> use the jdk from sun with the built in stuff (and
> inside cygwin as well, for those who want vi,etc).
> Using cygwin would be MUCH more prefered (not to
> meantion cheaper, less training, work,etc) then using
> borlan...
> 
> So I've been setting up an image which we would then
> put on the machines. So on it I install java, win2k
> updates,etc. Then put cygwin on (as administrator). I
> had inevertanly stubled across the problem, when I had
> frogotten I wasn't administrator.
> 
> Cygwin (I presume) runs as the user "administrator".
> So any security measures that apply to him are open.
> Although when trying to go to a protected directory I
> get a permissions denied as expected. I have done
> several experaments to find out what it has been
> doing...
> 
> So I can delete files that are in the home directory
> just fine. I can also go to the "c" drive by "cd C:".
> I had created several files and a folder at
> C:/test_folder/ and inside it had (test1 through 4
> .txt). Then manually set the folder to ONLY be used by
> "administrator" with full access. I can't cd into the
> directory , but I can delete files with "rm -rf".
> Although using just plain rm does not work. With rm
> -rf, I get the "permission denied" error, but it still
> deletes the file.
> 
> Also, interestingly, I also made a directory that was
> C:/test2. I had it so it was only administrator once
> again, but gave admin only read access. So I can't
> delete it with rm -rf.
> 
> When I try to delete/modify a file on a network
> server, it gets the access denied. This is probably
> obvious for it has to have a user athenticated.
> 
> This is a BIG security hole and suggest it be fixed
> ASAP. Although its not that big of a deal (only local
> file systems), and we can just reimage the machines.
> This could be a big problem for someone else. Also
> especially sence management might want to push some
> more, and have NO linux machines (would take a lot
> more pushing to get there) and have all files local.
> Then everyone's hard work coding can get toasted in
> one quick sweep.
> 
> Let me know what can be done about it, how this works
> ,etc. I don't know c++ (I can probably read it and
> find out whats going on) but can't really "code"
> (thats why I'm in the class) but I'll help out with
> what I can. 
> 
> thanks
> Ian
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Get email alerts & NEW webcam video instant messaging with 
> Yahoo! Messenger
> http://im.yahoo.com
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 
> 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/