Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <00b301c1c919$ed6b6b90$d700a8c0@mchasecompaq>
From: "Michael A Chase" <mchase AT ix DOT netcom DOT com>
To: "fergus at bonhard dot uklinux dot net" <fergus AT bonhard DOT uklinux DOT net>,
   <cygwin AT cygwin DOT com>
References: <001301c1c90d$00d1ecc0$6fc82486 AT medschool DOT dundee DOT ac DOT uk>
Subject: Re: Setting and using a password in W98
Date: Mon, 11 Mar 2002 08:22:49 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

----- Original Message -----
From: "fergus at bonhard dot uklinux dot net" <fergus AT bonhard DOT uklinux DOT net>
To: <cygwin AT cygwin DOT com>
Cc: <fergus AT bonhard DOT uklinux DOT net>
Sent: Monday, March 11, 2002 06:57
Subject: Setting and using a password in W98


> All this is in W98:
>
> I pasted the output from crypt {mypassword}into the appropriate place in
> /etc/passwd as shown
>
>     {myusername}:{output}:500:544::/home/{myusername}:/bin/bash
>
> and now I get prompted for a password when starting Cygwin. Nice.
>
> (This is when starting Cygwin with "c:\Cygwin\bin\rxvt -e /bin/login" but
I
> know there are lots of variations in how Cygwin may be started. Most of
them
> are successfully tripped up by this new setting.)
>
> It's not really very secure, of course: anybody who knew even a bit about
> things could hack /etc/passwd from Windows and climb in that way. But it
> serves a small purpose. However: I hadn't expected that two of the simpler
> startup modes
>
>     c:\Cygwin\bin\bash --login
> and
>     c:\Cygwin\bin\bash --login -i
>
> (the latter being exactly what's in c:\Cygwin\cygwin.bat) would both let
me
> straight in, by-passing the password protection.
>
> Q1. Is there some way, in W98, that I can protect myself further?

No.  If you want real security, install a real operating system.

> By the way, other startup modes I have tried include
>
>     1. c:\Cygwin\bin\bash followed by ./login at the bash-2.05a$ prompt
>     2. c:\Cygwin\bin\rxvt followed by ./login at the $ prompt
>     3. c:\Cygwin\bin\login
>     4. c:\Cygwin\bin\rxvt -e /bin/login
>     5. c:\Cygwin\bin\rxvt -e /bin/bash --login

See my comment below.

> It is not easy to distinguish quite what's optimal/ redundant/ inefficient
> here. I use (4) and have seen (5) recommended. (3) is beautifully sparse.
> Several other possibilities, not all that different from these, are
clearly
> "wrong" in that they cause what looks like a working terminal window  to
be
> flashed briefly to the screen before instantly disappearing. I'm sure
there
> are many other alternatives that work.

They are all non-optimal, redundant, inefficient, and ineffective.  Use bash
instead of login.

> Q2. what the "approved" startup sequence would be for somebody requiring
> password protection and wanting also to start in a rxvt terminal. Is it
(4)?

What little password protection that is available in W98 is provided by W98.
Once you've logged in there, you are in.  There is nothing Cygwin can do
about that.

The approved startup sequence is cygwin.bat.  If you want or need to use
rxvt (which is perfectly acceptable), start bash as part of the rxvt command
line.  I don't use rxvt myself, but there have been lots of examples in this
mail list.

> Q3. Could the contents of c:\Cygwin\cygwin.bat be "officially" tweaked to
> c:\Cygwin\bin\login in order to gain the password-protection that is not
> conferred by the current contents of c:\Cygwin\cygwin.bat, or would this
> change simply induce other, different, equally bad consequences?!

I am truly puzzled about what you are attempting to accomplish.  Using
login.exe when you are already seated in front of a W98 workstation adds
absolutely nothing to system security.  That is why cygwin.bat starts bash
instead of login.
--
Mac :})
** I normally forward private questions to the appropriate mail list. **
Ask Smarter: http://www.tuxedo.org/~esr/faqs/smart-questions.html
Give a hobbit a fish and he eats fish for a day.
Give a hobbit a ring and he eats fish for an age.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/