This is the mail archive of the cygwin-developers mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Cygwin AF_UNIX emulation


Corinna Vinschen wrote:
On Oct 17 21:29, Christian Franke wrote:
Corinna Vinschen wrote:
On Oct 16 23:34, Christian Franke wrote:
Nasty detail: At least postfix sets the all AF_UNIX sockets to rw-rw-rw- and
relies only on directory permissions (private: rwx------, public: rwx--x---)
for access control. This is not effective on Cygwin. Due to the rw-rw-rw-,
the 'secret' is world readable on Cygwin and another Cygwin specific patch
is required :-)
Yeah, thanks to Windows which enables the "Bypass Traverse checking"
privilege for everyone :(  At one point in 2005 I toyed with traverse
checking but eventually gave up in 2006 and reverted the stuff.
This does not appear as an Se*Privilege in the token, correct?
It's in the token, and it's an ugly amalgamation of two unrelated
mechanisms(*):

   SE_CHANGE_NOTIFY_NAME

     Required to receive notifications of changes to files or
     directories. This privilege also causes the system to skip all
     traversal access checks. It is enabled by default for all users.

     User Right: Bypass traverse checking.

An unexpected "feature", IMO.

Hmm.... after removing this privilege, Cygwin returns garbage stat() info, for any path below the 'forbidden directory':

$ uname -srvm
CYGWIN_NT-6.1-WOW64 1.7.33s(0.278/5/3) 20141017 14:39:49 i686

$ cd /var/spool/postfix/

$ ls -ld private
drwx------+ 1 postfix none 0 Oct 18 16:39 private

$ ls -l private
ls: cannot open directory private: Permission denied

$ ls -l private/smtp
srw-rw-rw- 1 postfix none 0 Oct 18 16:39 private/smtp

$ cygdrop -p ChangeNotify ls -l private/smtp
-rw-r----- 1 Unknown+User Unknown+Group 6991943424855812584 Jun 23 1909 private/smtp

$ ls -l private/no/such/path
ls: cannot access private/no/such/path: No such file or directory

$ cygdrop -p ChangeNotify ls -l private/no/such/path
-rw-r----- 1 Unknown+User Unknown+Group 6991943424855812584 Jun 23 1909 private/no/such/path

$ cygdrop -p ChangeNotify ls -l /tmp/no/such/path
ls: cannot access /tmp/no/such/path: No such file or directory


BTW: I could ITP postfix in one week or so. It would rely on the SO_PEERCRED
workaround for now. Any objections?
Uh, we're not having a Cygwin release it could work with for now.
It might be better to wait until then, if that's ok with you.

Of course.

My intention was to get the initial packing issues fixed early such that the actual upload could be done when a the first compatible Cygwin release is available.


I'm planning to release 1.7.33(**) in November at the latest.  I'm
not going to stall this release until we have another solution for
the aforementioned problems, the SO_PEERCRED wourkaround should
suffice for now.

OK.


(**) Or 1.9.0. I'm not sure yet if we should bump the DLL major version due to the massive changes to user and group handling or not.

During testing postfix with recent snapshots, I found nothing that needed to be changed in my existing installations which have complete /etc/passwd and group files. The only visible difference is that Cygwin now reports groups not seen before (like 4="INTERAKTIV").

So keeping 1.7.* might be OK.

Christian


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]