This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: cygwin 1.7.35 reads file permissions differently, affects broken apps


Corinna Vinschen wrote:
cygwin-1.7.32 $ ls -l
-rwx------+ 1 LocalService Domänen-Benutzer    1932 15. Aug 2014 fetchmailrc.txt

cygwin-1.7.35 $ ls -l
-rwxrwx---+ 1 LocalService Domänen-Benutzer    1932 15. Aug 2014 fetchmailrc.txt

Now, there are group permissions set. For me it breaks fetchmail, because
fetchmail only runs when the config file is owned by the user running
fetchmail (LocalService in my case, a system user I never can login with)
and with max 0700 permissions.
---
I can confirm this bug exists in Linux and is also
present in other mis-designed apps.  It's not Cygwin-specific.

Ishtar:law> llg .fetchmailrc
-rwx------ 1 law lawgroup 1103 Dec 14 13:49 .fetchmailrc*
Ishtar:law> chmod g+rw .fetchmailrc
fetchmail
File /home/law/.fetchmailrc must have no more than -rwx------ (0700) permissions.
sudo fetchmail
fetchmail: WARNING: Running as root is discouraged.
File /home/law/.fetchmailrc must have no more than -rwx------ (0700) permissions.

Another example:

sudo lilo
Warning: /etc/lilo.conf should be writable only for root
Added 3185-Isht-Van
Added 3173-Isht-Van  *
One warning was issued.
Ishtar:linux/ish-3192> llg /etc/lilo.conf
-rw-rw-r-- 1 root root 3589 Mar 17 19:48 /etc/lilo.conf

ssh[d] (re .ssh), sudo (re sudoers), and I believe you thought
~/.rlogin also have this problem.  It is a growing problem for those
of us who manage security by group perms (I set up my Linux box with
1 group per user several years ago to allow for Windows-security
compatibility).  For a while I was able to get around the problem
with ACLs, but these days, more apps are becoming ACL-aware.

Maybe Linux needs a new Discretionary-access security module, dup'ed
off the current model, but with an extra set of dummy file permissions
that can be configured to be returned when run under a specified
list of program names.  Hmmm...I like it!






--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
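
A sketch of the kind of check behind the "must have no more than -rwx------ (0700) permissions" message quoted above, showing why the mode reported by cygwin-1.7.35 fails where the 1.7.32 one passed. This is an added example, not fetchmail's source and not part of the original message; `check_rcfile`, `check_with_mode` and the `/tmp/rcdemoXXXXXX` scratch path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum rc_status { RC_OK, RC_STAT_FAILED, RC_NOT_REGULAR, RC_WRONG_OWNER, RC_TOO_OPEN };

/* Hypothetical helper: accept a config file only if it is a regular file,
 * owned by the effective user, with no mode bits set outside 0700. */
enum rc_status check_rcfile(const char *path)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return RC_STAT_FAILED;
    if (!S_ISREG(st.st_mode))
        return RC_NOT_REGULAR;
    if (st.st_uid != geteuid())
        return RC_WRONG_OWNER;
    /* Any group/other bit (or setuid/setgid/sticky) exceeds 0700. */
    if ((st.st_mode & 07777 & ~0700) != 0)
        return RC_TOO_OPEN;
    return RC_OK;
}

/* Constructed demo: make a scratch file, give it `mode`, run the check. */
enum rc_status check_with_mode(mode_t mode)
{
    char path[] = "/tmp/rcdemoXXXXXX";   /* assumed scratch location */
    enum rc_status rc = RC_STAT_FAILED;
    int fd = mkstemp(path);

    if (fd < 0)
        return rc;
    if (fchmod(fd, mode) == 0)
        rc = check_rcfile(path);
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    /* 0700 matches the cygwin-1.7.32 listing, 0770 the 1.7.35 one. */
    printf("0700 -> %d\n", check_with_mode(0700));
    printf("0770 -> %d\n", check_with_mode(0770));
    return 0;
}
```

The check only sees the mode bits that `stat` reports, so a change in how the platform maps ACLs onto those bits changes the verdict without the file itself being touched.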

