This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: outstanding issues blocking new release?
- To: cygwin-developers at sources dot redhat dot com
- Subject: Re: outstanding issues blocking new release?
- From: Charles Wilson <cwilson at ece dot gatech dot edu>
- Date: Mon, 13 Aug 2001 17:39:40 -0400
- References: <997736053.9407.ezmlm@sources.redhat.com>
[snip]
> > In each case, 'ls -ld' shows "drwxrwxrwx". Newly created files
> > underneath these two directories have ACLs that are identical.
>
> That's what I'd expected. setup.exe uses a very simple default DACL
> (just look into the short new function in main.cc - it's hopefully
> well commented) which only sets full control for everyone. mkdir
> OTOH uses the standard POSIX permissions which give permissions
> always to user, group and other. The differences are only that
> files created by setup are deletable by everyone while files
> created by mkdir are only deletable by users which have write and
> execute permissions on the parent directory. You can see the
> difference only by carefully examining the output in the W2K "advanced"
> security tab.
Okay...
> > It seems that setup.exe follows "behavior #2" in Corinna's description
> > (because setup.exe IS a native windows app, after all).
> >
> > Two related questions:
> > 1) is the difference in directory ACLs a problem?
>
> No. Not if security is a non-issue. Otherwise both variants are
> too dangerous.
Currently, it is probably a non-issue. Later, perhaps...Egor may
disagree.
> > 2) should setup.exe contain the same code that security.cc does, so that
> > setup-created dirs have the same ACL as mkdir-created ones? (E.g. with
> > regards to ACL's, should setup.exe behave as a cygwin app according to
> > "behavior #3" in Corinna's description above?)
>
> I don't know what you mean by "behavior #n".
You listed three "new behaviors" in the email in which you announced
your recent changes (although you didn't number them; they were 'bullet
points').
> Anyway, It might be
> an interesting feature for future versions of setup to create the
> permissions on NTFS filesystems according to the permissions in
> the tarballs. However, it's a lot of work to pull the security.cc
> stuff into setup. And it only applies to systems which have `ntsec'
> set but the question if `ntsec' shall be used isn't asked anywhere
> in the setup dialogs. It wouldn't make any sense at all to people
> who install for the first time. And note that neither /etc/passwd
> nor /etc/group exist when the tarballs are unpacked the first time.
> So which user and group membership makes sense at that point?
Oooh. good point.
> > An unrelated question: should setup create /tmp with perms 1777 instead
> > of 0777, as it currently does?
>
> That's impossible with the current simple way to set the permissions
> using the default DACL. That requires the above, including security.cc
> code into setup.
Urk.
Okay, consider my points answered, but let me confirm: you have made no
recent changes to setup.exe, right? (IOW, the setup.exe currently on
the cygwin websight and a setup.exe built from CVS will both create dirs
with the same simple DACL). If not, then perhaps a newish setup should
be released along with the new cygwin.
--Chuck