This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: CSIH file permission tests on non-NTFS broken (was Re: ssh-host-config script fails)


Corinna Vinschen wrote:
A check for non-NTFS should be sufficient for now, IMHO.  It's bad
enough to run an OS on such an insecure file system, but it's hard to
enforce upgrading to NTFS.  However, ntsec and smbntsec are dead in the
water and I don't think we should encourage usage of noacl more than
necessary, especially for sensitive services.

So, I'd basically need to check the fstype for each of the directories of interest (they MAY all be on the same volume, but not necessarily).
/var
/var/run
/var/log
/var/empty
/etc
So, how do I do that portably? The 1.7 version of mount returns that information, but the 1.5 version does not. What if I import your getvolinfo program
http://cygwin.com/ml/cygwin/2007-08/msg00040.html
as one of the csih helper progs, and put it under /usr/lib/csih/ (alternatively, import getvolinfo into cygutils).


In that case, I wouldn't need to check for NTFS at all -- instead, I'd check for "FILE_PERSISTENT_ACLS[ ]*: TRUE", right?

Or is there a better way?

--
Chuck

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]