X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org Date: Wed, 29 Feb 2012 10:25:39 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: 1.7.10/1.7.11: .Net programs started from a cygwin console may fail. Message-ID: <20120229092539.GP23440@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <4F4BA00E DOT 2020806 AT prover DOT com> <20120228125601 DOT GC23440 AT calimero DOT vinschen DOT de> <20120228141754 DOT GA6518 AT calimero DOT vinschen DOT de> <20120228203956 DOT GD6761 AT jethro DOT local DOT lan> <20120228214136 DOT GM23440 AT calimero DOT vinschen DOT de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20120228214136.GM23440@calimero.vinschen.de> User-Agent: Mutt/1.5.21 (2010-09-15) Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On Feb 28 22:41, Corinna Vinschen wrote: > The culprit is setup.exe apparently. If it sets 1777 permissions, it > uses the same permissions for the inheritable default permissions. It > should remove the write bits before creating the inheritable default > permissions. In Cygwin this is controlled by the umask, but setup > doesn't know about a umask. > > So, the correct solution is to change setup.exe to create less dangerous > default permissions for the Win32 apps in case of 1777 dirs. That makes > the tmp/temp stuff in etc/profile unnecessary. I just applied a fix to setup so that the default permissions for dirs created with the sticky bit (t) set don't contain write permissions for group and other. I see to it that it will be uploaded to cygwin.com shortly. > The *big* problem are the already existing /tmp dirs with bad permissions > throughout the Cygwin users. > > David, instead of setting tmp/temp, What about adding the following line > to /etc/profile? > > setfacl -m d:g::r-x,d:o:r-x /home /tmp /usr/tmp /var/log /var/run /var/tmp 2>/dev/null > > That sets the list of directories created with 1777 permissions by > setup.exe itself to more sane permissions. Maybe it could be combined > with a marker file, along these lines: > > if [ ! -f /etc/.177fix ] > then > setfacl -m d:g::r-x,d:o:r-x /home /tmp /usr/tmp /var/log /var/run /var/tmp 2> /dev/null && touch /etc/.177fix > fi That should have been /etc/.1777fix, of course. I think something like this is necessary since it makes sure that setfacl is called once by a user with the right permissions and then it's just ignored ever after. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple