Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-developers-owner AT sourceware DOT cygnus DOT com Delivered-To: mailing list cygwin-developers AT sourceware DOT cygnus DOT com Message-ID: <005801bfdb23$843d2040$0201a8c0@home.net> From: "Andrew Patrzalek" To: References: <003001bfdb14$fb514760$0201a8c0 AT home DOT net> <20000620202940 DOT A10791 AT cygnus DOT com> <005001bfdb1c$42c5f4e0$0201a8c0 AT home DOT net> <20000620210203 DOT A11641 AT cygnus DOT com> Subject: Re: scenario: no registry access, C:\ locked out Date: Tue, 20 Jun 2000 21:53:37 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 ----- Original Message ----- From: "Chris Faylor" To: Sent: Tuesday, June 20, 2000 9:02 PM Subject: Re: scenario: no registry access, C:\ locked out > On Tue, Jun 20, 2000 at 09:01:41PM -0400, Andrew Patrzalek wrote: > >System administrators are allowed to access the registry to change it, a > >non-privileged user is not. For instance, work stations on many networks > >are locked out, for various reasons, preventing a non-privileged user from > >running regedit to alter the registry. However, another partition, say d:\, > >is allowed for use by this user for programs which don't require the > >registry for running. This is where cygwin can really shine, 32-bit > >executables, no registry needed. Programs can be compiled, tested and > >demonstrated without violating network restrictions and commitments. > > Are you saying that there is a scenario where someone implements registry > security by locking out regedit but any other program (i.e., cygwin) is > able to write to the registry? That doesn't sound like a very secure > system. The security level is intended to deter not abolish. > > If, on the other hand, the registry is completely locked from being > written then I don't understand how cygwin comes into play. I don't > know what a partition has to to with the registry either. Are you > saying that the disk holding the Windows directory is write-locked? > Not in the sense that all programs a not allowed to write to it, only attempts from an non-privileged group are. > Can you give a specific example of something you'd like to see changed > in Cygwin? Are you saying that it should not read the mount table > from the registry? Or, that the user should not be able to write to the > mount table? Those are the only two instances that I can think of where > cygwin normally accesses the registry. There are a couple of other minor > cases but they are not common. > > cgf Writing to the mount table is permitted within a users profile, as I mentioned, another partition, the example being d:\, is accessible. These last two sentences may answer my question, if these imply your perspective on how much the project will rely on MSWindows registry. I am concerned that future development may start to rely on the registry more. For instance, one distribution of Cygwin used a canned install program that when used on such a workstation would not allow installation to progress since it had to install to C:\ as the root directory and not allow installs to another partition, D:\. I realize this is not due to cygwin1.dll just the install programs rigidity, but it demonstrates a hazardous mindset. Just to re-iterate, this is somewhat a question involving the goals of cygwin. I have recently read postings, such as one just recently, about altering the registry to extend cygwin's applicability. If cygwin is an exercise in developing the MSWindows environment that is one thing. If cygwin is allowing more exposure the *nix world, that's another. There are benefits in either environment, but "long live the difference". The short answer is that if you don't see Cygwin invading the registry more than it already has, this, to me, is a good thing. If this is not true then I see problems ahead.