Subject: RE: cygwin (rm -rf) ignores windows2000 security
Date: Tue, 18 Sep 2001 09:59:59 +1000
From: "Robert Collins"
To: "Ian Sidle"

My 2c is that the c:/ directory still has everyone:full. That will allow any user, with or without cygwin, to delete all child directories. (Deleting a file requires write to the directory it is in; deleting a directory requires write to the directory above.)

Rob

> -----Original Message-----
> From: Ian Sidle [mailto:macmouse4 AT yahoo DOT com]
> Sent: Tuesday, September 18, 2001 10:06 AM
> To: cygwin AT cygwin DOT com
> Cc: macmouse4 AT yahoo DOT com
> Subject: cygwin (rm -rf) ignores windows2000 security
>
>
> Rather interesting...
>
> I am helping set up a lab of windows 2000 machines, for
> programming. We previously were using linux/unix
> machines but the district is FORCING us to use windows
> 2000... although they don't have the equipment needed
> for the move.. So we are still using the linux servers
> via telnet.. ::deep sigh:: don't get me started...
>
> Anyway, a perhaps semi-evil solution would be to
> use cygwin. Specifically for gcc programming, and can
> use the jdk from sun with the built in stuff (and
> inside cygwin as well, for those who want vi, etc).
> Using cygwin would be MUCH more preferred (not to
> mention cheaper, less training, work, etc) than using
> Borland...
>
> So I've been setting up an image which we would then
> put on the machines. So on it I install java, win2k
> updates, etc. Then put cygwin on (as administrator). I
> had inadvertently stumbled across the problem, when I had
> forgotten I wasn't administrator.
>
> Cygwin (I presume) runs as the user "administrator".
> So any security measures that apply to him are open.
> Although when trying to go to a protected directory I
> get a permissions denied as expected. I have done
> several experiments to find out what it has been
> doing...
>
> So I can delete files that are in the home directory
> just fine. I can also go to the "c" drive by "cd C:".
> I had created several files and a folder at
> C:/test_folder/ and inside it had (test1 through 4
> .txt). Then manually set the folder to ONLY be used by
> "administrator" with full access. I can't cd into the
> directory, but I can delete files with "rm -rf".
> Although using just plain rm does not work. With rm
> -rf, I get the "permission denied" error, but it still
> deletes the file.
>
> Also, interestingly, I also made a directory that was
> C:/test2. I had it so it was only administrator once
> again, but gave admin only read access. So I can't
> delete it with rm -rf.
>
> When I try to delete/modify a file on a network
> server, it gets the access denied. This is probably
> obvious for it has to have a user authenticated.
>
> This is a BIG security hole and I suggest it be fixed
> ASAP. Although it's not that big of a deal (only local
> file systems), and we can just reimage the machines.
> This could be a big problem for someone else. Also
> especially since management might want to push some
> more, and have NO linux machines (would take a lot
> more pushing to get there) and have all files local.
> Then everyone's hard work coding can get toasted in
> one quick sweep.
>
> Let me know what can be done about it, how this works,
> etc. I don't know c++ (I can probably read it and
> find out what's going on) but can't really "code"
> (that's why I'm in the class) but I'll help out with
> what I can.
>
> thanks
> Ian
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
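
The Windows form of the rule in Rob's reply, modelled as an added example (not code from this thread or from Cygwin): NTFS allows a delete when the caller holds DELETE on the object or FILE_DELETE_CHILD on its parent directory, so Everyone:Full on C:\ defeats an administrator-only ACL on a folder directly beneath it. The account names and ACLs are constructed, trustee names stand in for SIDs, and privileges, ownership and inheritance are left out.

```python
from dataclasses import dataclass

# Real Windows access-mask values (winnt.h).
DELETE = 0x00010000
FILE_DELETE_CHILD = 0x00000040
FILE_GENERIC_READ = 0x00120089
FILE_ALL_ACCESS = 0x001F01FF

@dataclass(frozen=True)
class Ace:
    allow: bool    # True = access-allowed ACE, False = access-denied ACE
    trustee: str   # account or group name (simplification: stands in for a SID)
    mask: int

def access_check(dacl, token, desired):
    """Walk the DACL in order: a matching deny ACE covering a bit that is
    still ungranted fails the request; matching allow ACEs accumulate."""
    remaining = desired
    for ace in dacl:
        if ace.trustee not in token:
            continue
        if not ace.allow and ace.mask & remaining:
            return False
        if ace.allow:
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False  # bits left ungranted, or no matching ACE at all

def can_delete(child_dacl, parent_dacl, token):
    """Delete of one object (a file or an empty directory) succeeds with
    DELETE on the object OR FILE_DELETE_CHILD on its parent directory."""
    return (access_check(child_dacl, token, DELETE)
            or access_check(parent_dacl, token, FILE_DELETE_CHILD))

# Constructed sample data modelled on the setup described in the thread.
STUDENT = {"student", "Everyone"}                        # hypothetical non-admin
ADMIN = {"Administrator", "Administrators", "Everyone"}
ROOT_OPEN = [Ace(True, "Everyone", FILE_ALL_ACCESS)]     # C:\ with Everyone:Full
ROOT_TIGHT = [Ace(True, "Administrators", FILE_ALL_ACCESS),
              Ace(True, "Everyone", FILE_GENERIC_READ)]  # C:\ after tightening
ADMIN_ONLY = [Ace(True, "Administrator", FILE_ALL_ACCESS)]  # C:\test_folder

if __name__ == "__main__":
    print("student, open root :", can_delete(ADMIN_ONLY, ROOT_OPEN, STUDENT))
    print("student, tight root:", can_delete(ADMIN_ONLY, ROOT_TIGHT, STUDENT))
    print("admin, tight root  :", can_delete(ADMIN_ONLY, ROOT_TIGHT, ADMIN))
```

Tightening the root ACL is what changes the outcome for the non-admin token; the folder's own ACL is identical in both cases.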