Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Date: Tue, 22 Oct 2002 14:19:47 -0400
From: Christopher Faylor <cgf AT redhat DOT com>
To: cygwin-developers AT cygwin DOT com
Subject: Re: Avoiding /etc/passwd and /etc/group scans
Message-ID: <20021022181947.GA4729@redhat.com>
Reply-To: cygwin-developers AT cygwin DOT com
Mail-Followup-To: cygwin-developers AT cygwin DOT com
References: <3DB416E7 DOT 99E22851 AT ieee DOT org> <20021021162246 DOT GC15828 AT redhat DOT com> <20021022162432 DOT GF514 AT redhat DOT com> <3DB58CBD DOT 87B2BDD8 AT ieee DOT org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3DB58CBD.87B2BDD8@ieee.org>
User-Agent: Mutt/1.5.1i

On Tue, Oct 22, 2002 at 01:37:01PM -0400, Pierre A. Humblet wrote:
>Christopher Faylor wrote:
>>
>> I've checked this in.  If this solves the majority of the ntsec complaints,
>> I may even send you a medal.
>>  
>> If I had any idea that turning on ntsec by default would cause this much
>> pain, I don't think I would have considered it.
>
>Thanks. By the way the patch can be tested by screwing up the passwd file.
>Delete your sid or (more simply) add a "," at the end. Everything should
>still work as before for you, if your Windows name == Cygwin name, except 
>you will be unable to ssh into the system. 
>You can also delete your passwd entry altogether.
>
>I keep watching the list and I have identified other solvable 
>issues. I have fixes, but they are more substantial than this patch. 
>I was going to to submit them after Corinna comes back, as they
>overlap the uid == gid patch I had sent just before she left.

I'll provide you with ssh access to sources.redhat.com if you want to
accumulate your patches on a branch and maybe even offer your own
"snapshots".

I really didn't anticipate the level of difficulties that are showing up
in the cygwin mailing list wrt ntsec, so I'd like to get them solved.
I'm thinking that if we can get some stuff tested before Corinna returns
then maybe it will make her job a little easier.

Barring that, if you could offer some assurance, on the cygwin mailing
list, that you're looking into the bugs, that would be helpful.  Then,
at least, people will realize that their complaints aren't falling on
deaf ears.

cgf