This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: (call-process ...) hangs in emacs

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin at cygwin dot com
Date: Fri, 29 Aug 2014 23:43:34 +0200
Subject: Re: (call-process ...) hangs in emacs
Authentication-results: sourceware.org; auth=none
References: <loom dot 20140827T170804-533 at post dot gmane dot org> <loom dot 20140828T085927-71 at post dot gmane dot org> <20140828095524 dot GO20700 at calimero dot vinschen dot de> <20140828131832 dot GT20700 at calimero dot vinschen dot de> <loom dot 20140828T172529-396 at post dot gmane dot org> <loom dot 20140829T115632-276 at post dot gmane dot org> <20140829110938 dot GD20700 at calimero dot vinschen dot de> <5400C19D dot 4070408 at cornell dot edu> <87ha0vhzge dot fsf at Rainer dot invalid> <5400D64D dot 1090709 at cornell dot edu>
Reply-to: cygwin at cygwin dot com

On Aug 29 15:36, Ken Brown wrote:
> On 8/29/2014 3:23 PM, Achim Gratz wrote:
> >Ken Brown writes:
> >>With the latest snapshot I can't start the sshd service.  The
> >>Application Log just says, "`sshd' service stopped, exit
> >>status:255". The problem doesn't occur with the 2014-08-27 snapshot.
> >>I guess this has something to do with the new permissions on various
> >>files, but I'm not sure which ones.
> >
> >Off the top of my head for the standard installation:
> >
> >/etc/ssh*
> >/var/empty
> >/var/log/sshd
> >
> >When you try to debug the sshd, IIR these are the files that must be
> >chown'ed to the admin user that runs sshd from the terminal.  Running in
> >debug mode (either from the terminal or via sshd_config) should produce
> >messages which file or directory sshd is choking on.
> 
> I just checked /var/log/sshd.log.  (I hadn't thought to do that before.)
> The last message in it is, "/var/empty must be owned by root and not group
> or world-writable."  So the problem seems to be that /var/empty appears to
> sshd to be group writable under the latest snapshot.  This is the "downside"
> that Corinna mentioned.  What needs to be done to /var/empty to fix this?

What needs to be done is to fix the ssh-host-config script.  It adds an
ACE for SYSTEM on /var/empty, /etc, and /var/log for no apparent reason.

I just sent a patch upstream which removes the code trying to generate
/etc and /var/log entirely (done by setup.exe) and which drops adding
a SYSTEM ACE to /var/empty.

A temporary workaround is either to remove the SYSTEM ACE:

  $ setfacl -d g:18: /var/empty

or to change /etc/sshd_config not to use privilege separation:

  UsePrivilegeSeparation no

However, this is obviously a problem for all existing installations.
OpenSSH 6.7p1 will be released pretty soon.  I will add a postinstall
script which removes the SYSTEM ACE from /var/empty at installation
time.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpXqWQhukpRs.pgp
Description: PGP signature

Follow-Ups:
- Re: (call-process ...) hangs in emacs
  - From: Andrey Repin

References:
- Re: (call-process ...) hangs in emacs
  - From: Achim Gratz
- Re: (call-process ...) hangs in emacs
  - From: Achim Gratz
- Re: (call-process ...) hangs in emacs
  - From: Corinna Vinschen
- Re: (call-process ...) hangs in emacs
  - From: Corinna Vinschen
- Re: (call-process ...) hangs in emacs
  - From: Achim Gratz
- Re: (call-process ...) hangs in emacs
  - From: Achim Gratz
- Re: (call-process ...) hangs in emacs
  - From: Corinna Vinschen
- Re: (call-process ...) hangs in emacs
  - From: Ken Brown
- Re: (call-process ...) hangs in emacs
  - From: Achim Gratz
- Re: (call-process ...) hangs in emacs
  - From: Ken Brown

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]