Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Subject: Re: Avoiding /etc/passwd and /etc/group scans
From: Robert Collins <rbcollins AT cygwin DOT com>
To: cygwin-developers AT cygwin DOT com
In-Reply-To: <20021022213133.GI6429@redhat.com>
References: <20021022162432 DOT GF514 AT redhat DOT com> <3DB58CBD DOT 87B2BDD8 AT ieee DOT org>
	<20021022181947 DOT GA4729 AT redhat DOT com> <3DB5A076 DOT ABAFF076 AT ieee DOT org>
	<20021022191217 DOT GD4828 AT redhat DOT com> <3DB5AB53 DOT B434ED90 AT ieee DOT org>
	<20021022202004 DOT GA6995 AT redhat DOT com> <3DB5BA56 DOT A76B6463 AT ieee DOT org>
	<20021022211930 DOT GF6429 AT redhat DOT com> <1035321750 DOT 1455 DOT 14 DOT camel AT lifelesswks> 
	<20021022213133 DOT GI6429 AT redhat DOT com>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature";
	boundary="=-KxWTFmS47dcqK8oYz0jJ"
Date: 23 Oct 2002 07:36:08 +1000
Message-Id: <1035322568.1949.20.camel@lifelesswks>
Mime-Version: 1.0


--=-KxWTFmS47dcqK8oYz0jJ
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2002-10-23 at 07:31, Christopher Faylor wrote:
> On Wed, Oct 23, 2002 at 07:22:30AM +1000, Robert Collins wrote:
> >On Wed, 2002-10-23 at 07:19, Christopher Faylor wrote:
> >> >- Do the modes depend on the value of ntsec when setup is run=20
> >> >  (e.g. inheriting from the directory)? =20
> >>=20
> >> Nope.  setup isn't a cygwin app, so...
> >> cgf
> >
> >And because ntsec wasn't the default we couldn't set reasonable acls...
>=20
> Why would that matter?  If setting reasonable acls is going to hurt the
> CYGWIN=3Dnontsec case then that's not good either.

We need /etc/passwd and /etc/group to be filled out to understand what
nt group and user to use. Setup.exe's files by default are executable by
'everyone'.

If we can depend on a correct /etc/passwd we should be able to do
something. We will need to have a postinstall script for cygwin1.dll
that sets the permissions on cygwin1.dll, mkpasswd and mkpgroup, and
ensure that that script runs first, but that is all (off the top of my
head - may be wrong :})

Rob
--=20
---
GPG key available at: http://users.bigpond.net.au/robertc/keys.txt.
---

--=-KxWTFmS47dcqK8oYz0jJ
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQA9tcTHI5+kQ8LJcoIRAon1AJ4/w0quTQbWDwXqUHjJoGJmpfHJLQCfe8uH
KWKgVDrct3gIuG7AsSaxxHY=
=CN1+
-----END PGP SIGNATURE-----

--=-KxWTFmS47dcqK8oYz0jJ--