This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Problems with the new base-files-4.0-5?


On 18 March 2011 16:23, David Sastre wrote:
> On Fri, Mar 18, 2011 at 02:17:14PM +0000, Andy Koppe wrote:
>> On 18 March 2011 13:46, David Sastre wrote:
>> > All [[ have been changed to a portable [ test.
>> > I've changed `test -a' for a portable `test -e', and the -a operator
>> > in the user's home ownership test to a chained test:
>> >
>> > elif [ ! -O "${HOME}" ] && [ "${HOME#/home/}" != "${HOME}" ]; then ...
>>
>> Even though that home ownership test was partly my idea, I think it
>> should simply be dropped, because it doesn't actually address the
>> security issue it was supposed to address and the warning is likely to
>> cause unnecessary alarm to users with unusual yet legitimate setups.
>
> IIRC, the point was that some apps expect $HOME to be owned by the
> user in order to operate correctly.

Originally at least it was supposed to address this:

http://www.cygwin.com/ml/cygwin-developers/2010-09/msg00007.html

The $HOME warning doesn't address this because for example a
maliciously prepared /home/$USER/.bash_profile would still get
sourced.

I can't remember other reasons.

Andy

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
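
The point made in the reply above, that an ownership test on $HOME says nothing about the startup files inside it, shown as an added example that is not part of the original message or of base-files. The function names, the list of startup files and the group/other-writable check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The file list and the mode check
# are assumptions; the first function reuses the test quoted in the thread.

# Succeeds (would warn) only when the directory is under /home/ and is not
# owned by the current user.
home_check_warns() {
    [ ! -O "$1" ] && [ "${1#/home/}" != "$1" ]
}

# Inspect shell startup files in directory $1.
# Prints one line per finding; returns 1 if any file is not owned by the
# current user or is writable by group/others, else 0.
audit_startup_files() {
    dir=$1 bad=0
    for f in .bash_profile .bash_login .profile .bashrc; do
        p=$dir/$f
        [ -e "$p" ] || continue
        if [ ! -O "$p" ]; then
            echo "not owned by you: $p"; bad=1
        elif [ -n "$(find -L "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "writable by group/others: $p"; bad=1
        fi
    done
    return "$bad"
}

# Constructed case: a directory we own that contains a world-writable
# .bash_profile. Prints both verdicts, cleans up, returns the audit result.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/.bash_profile"
    chmod 666 "$d/.bash_profile"
    if home_check_warns "$d"; then echo "HOME test: warn"; else echo "HOME test: silent"; fi
    rc=0
    audit_startup_files "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

case ${1:-} in --demo) demo ;; esac
```

Run with `--demo`, the directory-level test stays silent while the per-file audit reports the writable `.bash_profile`.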

