Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Date: Fri, 21 Sep 2001 14:30:01 -0500
From: Wayne Willcox <wayne AT reliant DOT knighthammer DOT com>
To: Troy Noble <troy DOT noble AT channelpoint DOT com>
Cc: "'egor duda'" <cygwin AT cygwin DOT com>, "'Upat54wo AT aol DOT com'" <Upat54wo AT aol DOT com>
Subject: Re: Shell execution
Message-ID: <20010921143001.A63785@reliant.immure.com>
Reply-To: Wayne Willcox <wayne AT reliant DOT immure DOT com>
References: <8F23E55D511AD5119A6800D0B76FDDE101A26A9B AT cpex3 DOT channelpoint DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre2i
In-Reply-To: <8F23E55D511AD5119A6800D0B76FDDE101A26A9B@cpex3.channelpoint.com>
X-Operating-System: FreeBSD reliant.knighthammer.com 3.5-STABLE FreeBSD 3.5-STABLE

Also  if you net use m: /y /d then it will delete the map regardless
of if you are using it or not.  Of course this would be bad if you 
were still writing a file on m:/

On Fri, Sep 21, 2001 at 12:59:19PM -0600, Troy Noble wrote:
> > It works. In a way. Apart from gaping security hole there's another
> > big problem with letters. Your script may just silently die before
> > reaching '/winnt/system32/net use /d m:' line. In that case (at least
> > on NT 4.0) you'll be left with exiting, but unaccessible, undeletable
> > and unchangeable 'm:'. Next time your script won't be able to run at
> > all. You'll need to restart your machine to get rid of it
> 
> Absolutely... you have to be careful when you write your script ;->
> 
> > So, i strongly suggest using UNC everywhere where possible.
> 
> Agreed, whenever possible.
> 
> But I will add that if the share you are trying to get at is not
> open for Everyone, or is in another domain, or some other security
> restriction prevents you being able to see it via UNC... you
> can fairly safely pass your credentials across before you
> first try to access any files on the UNC share using:
> 
> /winnt/system32/net use '\\hostname\ipc$' yourpassword
> '/user:YOURDOMAIN\yourusername'
> 
> I've had to do this in some cases, and it works equally
> well.  Same security hole applies of course.
> 
> But it's better than leaving my share open for Everyone WRITE
> and thus being subject to the Nimba-type virus (or whatever
> it was called) that got passed
> around earlier this week ;->  It takes advantage of the
> fact that lots of people like to create shares to their drives
> with Everyone WRITE enabled.
> 
> Troy
> 
> -----Original Message-----
> From: egor duda [mailto:deo AT logos-m DOT ru]
> Sent: Friday, September 21, 2001 12:49 PM
> To: Troy Noble
> Cc: 'Upat54wo AT aol DOT com'; cygwin AT cygwin DOT com
> Subject: Re: Shell execution
> 
> 
> Hi!
> 
> Friday, 21 September, 2001 Troy Noble troy DOT noble AT channelpoint DOT com wrote:
> 
> >>From /usr/doc/Cygwin/cron.README:
> 
> TN> "On NT/W2K run cron under SYSTEM account
> TN> as service to use that feature. Note that you don't have access to
> TN> net shares in the child processes then."
> 
> TN> Which means m: (and thus /cygdrive/m) 
> TN> is likely not mapped when your cron job is running...
> TN> as you discovered.
> 
> TN> Search the archives for similar discussions on this
> TN> subject.  A search on Google for cygwin +cron +mount +username
> TN> should do the trick I'd imagine.
> 
> TN> A nifty little trick I've learned... if you don't mind
> TN> storing your NT username and password in a plain text file
> TN> somewhere on your disk (like in your script):
> 
> TN> /winnt/system32/net use m: '\\hostname\sharename' yourpassword
> TN> '/user:YOURDOMAIN\yourusername'
> 
> TN> and later before your script exits
> 
> TN> /winnt/system32/net use /d m:
> 
> TN> The security hole that this opens up should be obvious to
> TN> the casual observer... but it is effective nonetheless.
> 
> It works. In a way. Apart from gaping security hole there's another
> big problem with letters. Your script may just silently die before
> reaching '/winnt/system32/net use /d m:' line. In that case (at least
> on NT 4.0) you'll be left with exiting, but unaccessible, undeletable
> and unchangeable 'm:'. Next time your script won't be able to run at
> all. You'll need to restart your machine to get rid of it
> 
> So, i strongly suggest using UNC everywhere where possible.
> 
> Egor.            mailto:deo AT logos-m DOT ru ICQ 5165414 FidoNet 2:5020/496.19
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/

-- 
Slowly and surely the unix crept up on the Nintendo user ...
Wayne Willcox                          I will not eat green eggs and ham
wayne AT reliant DOT immure DOT com                     I will not eat them Sam I Am!!
A wise person makes his own decisions, a weak one obeys public opinion.
                -- Chinese proverb

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/