Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com Message-ID: <8F23E55D511AD5119A6800D0B76FDDE101A26A9B@cpex3.channelpoint.com> From: Troy Noble To: "'egor duda'" , Troy Noble Cc: "'Upat54wo AT aol DOT com'" Subject: RE: Shell execution Date: Fri, 21 Sep 2001 12:59:19 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" X-Scanned-By: MIMEDefang 1.0 (http://www.roaringpenguin.com/mimedefang/) > It works. In a way. Apart from gaping security hole there's another > big problem with letters. Your script may just silently die before > reaching '/winnt/system32/net use /d m:' line. In that case (at least > on NT 4.0) you'll be left with exiting, but unaccessible, undeletable > and unchangeable 'm:'. Next time your script won't be able to run at > all. You'll need to restart your machine to get rid of it Absolutely... you have to be careful when you write your script ;-> > So, i strongly suggest using UNC everywhere where possible. Agreed, whenever possible. But I will add that if the share you are trying to get at is not open for Everyone, or is in another domain, or some other security restriction prevents you being able to see it via UNC... you can fairly safely pass your credentials across before you first try to access any files on the UNC share using: /winnt/system32/net use '\\hostname\ipc$' yourpassword '/user:YOURDOMAIN\yourusername' I've had to do this in some cases, and it works equally well. Same security hole applies of course. But it's better than leaving my share open for Everyone WRITE and thus being subject to the Nimba-type virus (or whatever it was called) that got passed around earlier this week ;-> It takes advantage of the fact that lots of people like to create shares to their drives with Everyone WRITE enabled. Troy -----Original Message----- From: egor duda [mailto:deo AT logos-m DOT ru] Sent: Friday, September 21, 2001 12:49 PM To: Troy Noble Cc: 'Upat54wo AT aol DOT com'; cygwin AT cygwin DOT com Subject: Re: Shell execution Hi! Friday, 21 September, 2001 Troy Noble troy DOT noble AT channelpoint DOT com wrote: >>From /usr/doc/Cygwin/cron.README: TN> "On NT/W2K run cron under SYSTEM account TN> as service to use that feature. Note that you don't have access to TN> net shares in the child processes then." TN> Which means m: (and thus /cygdrive/m) TN> is likely not mapped when your cron job is running... TN> as you discovered. TN> Search the archives for similar discussions on this TN> subject. A search on Google for cygwin +cron +mount +username TN> should do the trick I'd imagine. TN> A nifty little trick I've learned... if you don't mind TN> storing your NT username and password in a plain text file TN> somewhere on your disk (like in your script): TN> /winnt/system32/net use m: '\\hostname\sharename' yourpassword TN> '/user:YOURDOMAIN\yourusername' TN> and later before your script exits TN> /winnt/system32/net use /d m: TN> The security hole that this opens up should be obvious to TN> the casual observer... but it is effective nonetheless. It works. In a way. Apart from gaping security hole there's another big problem with letters. Your script may just silently die before reaching '/winnt/system32/net use /d m:' line. In that case (at least on NT 4.0) you'll be left with exiting, but unaccessible, undeletable and unchangeable 'm:'. Next time your script won't be able to run at all. You'll need to restart your machine to get rid of it So, i strongly suggest using UNC everywhere where possible. Egor. mailto:deo AT logos-m DOT ru ICQ 5165414 FidoNet 2:5020/496.19 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/