This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Problems with the new base-files-4.0-5?

On 18 March 2011 16:23, David Sastre wrote:
> On Fri, Mar 18, 2011 at 02:17:14PM +0000, Andy Koppe wrote:
>> On 18 March 2011 13:46, David Sastre wrote:
>> > All [[, have been changed to a portable [ test.
>> > I've changed `test -a' for a portable `test -e', and the -a operator
>> > in the user's home ownership test to a chained test:
>> >
>> > elif [ ! -O "${HOME}" ] && [ "${HOME#/home/}" != "${HOME}" ]; then ...
>> Even though that home ownership test was partly my idea, I think it
>> should simply be dropped, because it doesn't actually address the
>> security issue it was supposed to address and the warning is likely to
>> cause unnecessary alarm to users with unusual yet legitimate setups.
> IIRC, the point was that some apps expect $HOME to be owned by the
> user in order to operate correctly.

Originally at least it was supposed to address this:

The $HOME warning doesn't address this because for example a
maliciously prepared /home/$USER/.bash_profile would still get

I can't remember other reasons.


Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]