X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=2.9 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW X-Spam-Check-By: sourceware.org MIME-Version: 1.0 In-Reply-To: References: From: Atry Date: Tue, 17 Jan 2012 19:06:55 +0800 Message-ID: Subject: /etc/profile set $TMP to /tmp. It's insecure! To: cygwin AT cygwin DOT com Content-Type: text/plain; charset=ISO-8859-1 X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Original $TMP and $TEMP is unset in /etc/defaults/etc/skel/.bashrc version 3.9-3, which make %USERPROFILE% directory dirty. After some disscuss at http://cygwin.com/ml/cygwin/2011-03/msg00211.html, /etc/profile version 4.0-6 set $TMP and $TEMP to /tmp. Now any program start from bash, create temporary files in /tmp, or C:\cygwin\tmp. Cygwin program, which approves /tmp 's mode 1777, creates temporary files with mode 400. That's OK. Native Win32 program, which ignores /tmp 's mode 1777, creates temporary files with mode 755. These files can be read from any user. Win32 process may leak internal data, cause potential privilege escalation attack. I suggest that set $tmp (lowercase) to original $TMP, which is meaningless for cygwin programs, and is recognized for Win32 programs. Proposed settings in /etc/profile: ORIGINAL_TMP=$TMP ORIGINAL_TEMP=$TEMP unset TMP TEMP export tmp=`cygpath -w "$ORIGINAL_TMP"` export temp=`cygpath -w "$ORIGINAL_TEMP"` -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple