This is the mail archive of the cygwin mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On Fri, Mar 18, 2011 at 04:41:49PM +0000, Andy Koppe wrote: > On 18 March 2011 16:23, David Sastre wrote: > > On Fri, Mar 18, 2011 at 02:17:14PM +0000, Andy Koppe wrote: > >> On 18 March 2011 13:46, David Sastre wrote: > >> > All [[, have been changed to a portable [ test. > >> > I've changed `test -a' for a portable `test -e', and the -a operator > >> > in the user's home ownership test to a chained test: > >> > > >> > elif [ ! -O "${HOME}" ] && [ "${HOME#/home/}" != "${HOME}" ]; then ... > >> > >> Even though that home ownership test was partly my idea, I think it > >> should simply be dropped, because it doesn't actually address the > >> security issue it was supposed to address and the warning is likely to > >> cause unnecessary alarm to users with unusual yet legitimate setups. > > > > IIRC, the point was that some apps expect $HOME to be owned by the > > user in order to operate correctly. > > Originally at least it was supposed to address this: > > http://www.cygwin.com/ml/cygwin-developers/2010-09/msg00007.html > > The $HOME warning doesn't address this because for example a > maliciously prepared /home/$USER/.bash_profile would still get > sourced. > > I can't remember other reasons. OK. I'll drop it then. -- Huella de clave primaria: 0FDA C36F F110 54F4 D42B D0EB 617D 396C 448B 31EB
Attachment:
signature.asc
Description: Digital signature
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |