Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com Message-ID: <3BCB1BDC.33611371@cportcorp.com> Date: Mon, 15 Oct 2001 13:24:44 -0400 From: Peter Buckley X-Mailer: Mozilla 4.7 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: John Peacock CC: Robert Collins , Corinna Vinschen Subject: Re: rsh: "Permission denied" on file creation. Cygwin 1.3.3 on W2K Adv Srv SP2. References: <3BC72151 DOT F11E6CB0 AT cportcorp DOT com> <20011013105919 DOT O1155 AT cygbert DOT vinschen DOT de> <3BC89445 DOT DEED628 AT rowman DOT com> <007d01c154b9$d088be30$0200a8c0 AT lifelesswks> <3BCB0C7D DOT 148867EF AT cportcorp DOT com> <3BCB1525 DOT 3E9FA2F4 AT rowman DOT com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I would love to use ssh, and I actually had it working a few versions of cygwin ago. But my unix guru here says "why don't you just use rsh?- The internal network is secure." I don't agree- I don't think we should be relying on anything that is inherently insecure (of course, we do use NT as an operating system). But where we have the option to use ssh, I would prefer it. Unfortunately, NONE of our unix boxes have ssh, and I have been told that they won't be upgraded without good reason, and even then I have to wait until some important work is done (so the ssh install won't interrupt our schedule). I don't know if it is too OT, but would anyone care to contribute reasons why to use ssh instead of rsh even on our "internally secure" network? Please reply to me personally, I think this part isn't very cygwin related anymore. BTW, I hope Corinna will reply onlist and let me know about the "security features" of rsh that I asked about in my previous post- that is definitely on-topic. TIA, Peter John Peacock wrote: > > Peter Buckley wrote: > > > > Ummm.... I don't understand why home directories on > > a network share would ever be "public". I thought that > > root on unix could read whatever it wanted > > (including home directories on network shares, > > hence SYSTEM is NOT equivalent), > > I don't think that is true of NFS mounts but it may be. > > > but this > > idea of public sounds like anyone (the guest user) or > > some intruder could read the contents of my home > > directory on a network share without authenticating. > > That just sounds silly, so maybe I need someone to > > explain this idea of "public" to me. > > The whole idea of "public" shares under NT gives me the absolute > willies! > > > > > Basically, the problem here is the "security" feature > > that rsh uses where it tries to cd to the user's home > > directory as the SYSTEM account, then failing that > > exits if CYGWIN is defined. This is ridiculous. > > When I rsh, the whole idea is that I am "me" and I am > > executing commands as "me" on the remote system. I don't > > want to cd to my home directory as SYSTEM, and in this > > case it doesn't work because it is a network share and > > kicks me out. > > This is indeed where this discussion started. And, as I tried to > point out at the time, rsh is a *nix program that has been modified to > work under CygWin. > > The current security model is to do everything necessary to set up the > user's login, then drop the enhanced rights at the very last possible > moment. Lots of *nix programs actually go further and use chroot, > which actually places the user process in a virtual / without any way > of getting out to the rest of the machine. Of course, this is not > possible under NT at all. The fallback, to make sure that no one can > log in as Guest, is to not allow any login to non-existant $HOME > directories, which from the standpoint of SYSTEM, yours is. > > So you are not "me" until after the cd for a very good reason. To > change it for CygWin would be to make it less secure. Have you > checked out ssh instead of rsh? It is much more secure, from the > ground up, and may actually work better for you. > > > > > I know that I can modify the code so it doesn't do this, > > but I don't think it should use this security feature this > > way. There are probably a bunch of NT users who have their > > home directories on network shares. It was explained to me > > that the whole idea of this security feature is so an > > unauthorized user doesn't end up in the / directory. The > > section of code does this- > > > > if (cd $HOME) > > #okay, we cd'd to the home directory no problem > > else > > ifdef _CYGWIN_ > > error (no remote directory; exit1) > > else > > cd / > > endif > > endif > > > > Why can't the "cd /" simply be a "cd /some-harmless-place" > > and provide the same level of security? Simply saying > > "you shouldn't have your home directory on a network share" > > isn't good enough. Maybe I just don't understand the idea > > of making my home directory "public" and if someone explains > > it to me I can tell my sysadmins and have them set it up that > > way. > > > > The problem is that until NTSEC, there was no harmless place. And I am > not sure that I would even rely on CygWin's NTSEC implementation (as it > relies on NT). Corina would be much more likely to be able to tell you > whether this is a secure option. > > John > > p.s. really, you should be using ssh, not rsh ;~) > > -- > John Peacock > Director of Information Research and Technology > Rowman & Littlefield Publishing Group > 4720 Boston Way > Lanham, MD 20706 > 301-459-3366 x.5010 > fax 301-429-5747 -- Your mouse has moved. Windows NT must be restarted for the change to take effect. Reboot now? [OK] -- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/