This is the mail archive of the cygwin@sourceware.cygnus.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: FW: Description of the new 'ntsec' feature

To: "Cygwin@Sourceware. Cygnus. Com" <cygwin@sourceware.cygnus.com>
Subject: Re: FW: Description of the new 'ntsec' feature
From: Corinna Vinschen <corinna@vinschen.de>
Date: Thu, 19 Aug 1999 12:44:31 +0200
CC: ssiddiqi@ipass.net
References: <LOBBLPGIHMIEGBEAFDMCAEJGCAAA.ssiddiqi@inspirepharm.com> <19990819000442.B9980@cygnus.com>

Chris Faylor wrote:
> On Wed, Aug 18, 1999 at 09:20:36PM -0400, Suhaib M. Siddiqi wrote:
> > [...]
> >In my hands NTSEC had been very annoying.  I get all the time those
> >pinfo_proc kill at 1000 blah blah.
> >
> >I did not understand the philosophy behind NTSEC.  Cygwin is a
> >development tool not a multiuser UNIX login system, thus I am not sure
> >implementing all the UNIX traditional security features would be
> >helpfull for development tools.
> 
> The philosophy was that we could get real ownership and real executable
> bits and real UNIX permissions.  I also thought it would be nice to have
> a multi-user NT system where people couldn't routinely kill each others'
> processes.  I asked Corinna for this and she spent a lot of time on it.

Another problem was: A cygwin process that was started via service
manager (inetd) and it's child process (telnetd, sshd, etc) couldn't
be killed with cygwin tools (kill). So I spent time to look over NT
security to solve this problem, which was a developers problem.

Note, that you are _able_ to work with cygwin as if you work in
the mentioned multiuser UNIX system. Moreover it's possible to
_develop_ with other persons in the same cygwin environment on
the same workstation together. Why not supporting this with a
suitable security model?

> I can understand why you don't want to use it.  Just turn if off.  If
> you still are having problems then they're probably not due to ntsec.
> There's probably a bug in cygwin from something *I've* done.

And there's probably a bug in ntsec, too. I hope that some people are
willing, to give ntsec a try. It works "for me" but I'm not able to
see all consequences in my environment, so I need feedback. 
If nobody would test your XFree porting results you would have a
far bigger problem, isn't it?

The main items are:
- Are there real bugs?
- Are the choosen security settings adequate?
- Should the settings for administrators better be as in NT itself?
- How is it possible to do convenient without /etc/passwd and
  /etc/group?

And, last but not least: Patches are gratefully accepted ;-)

Regards,
Corinna

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Follow-Ups:
- RE: FW: Description of the new 'ntsec' feature
  - From: "Suhaib Siddiqi" <ssiddiqi@ipass.net>

References:
- FW: Description of the new 'ntsec' feature
  - From: "Suhaib M. Siddiqi" <ssiddiqi@inspirepharm.com>
- Re: FW: Description of the new 'ntsec' feature
  - From: Chris Faylor <cygwin@sourceware.cygnus.com>

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]