This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: 1.7.10/1.7.11: .Net programs started from a cygwin console may fail.

On Tue, Feb 28, 2012 at 03:17:54PM +0100, Corinna Vinschen wrote:
> On Feb 28 08:51, Jon Clugston wrote:
> > Just a guess, but it does look suspiciously like the name of an
> > environment variable.  Wasn't there some discussion lately about
> > differing case environment variables ("tmp" as opposed to "TMP")?
> Dead on, thanks!  The definitions of tmp and temp in /etc/profile result
> in a double definition of the %TMP% and %TEMP% dos variables from the
> .Net applications POV and it's too dumb to handle that gracefully.
> So the solution is, either we drop the tmp and temp definitions in
> /etc/profile, or old .net apps should be started only after calling
> `unset tmp temp' in bash.
> Btw., tmp and temp are not preserved this way in tcsh's profile scripts.
> So I'm wondering why we do it in /etc/profile.  Can somebody give me a
> management summary?

A while back (about the 3.x -> 4.x changes in base-files), it was
agreed to unset both TMP and TEMP and set them to /tmp.
A user concerned about the security of files owned by windows native 
applications started within cygwin, reported that those files were
created with 777 perms under /tmp, making it trivial for other users to
read/copy temps files easily.
The solution proposed, which I included in 4.0-7, was to set temporary
dirs as they are now in /etc/profile.

With regards to tcsh, and apart from /etc/profile.d/*.csh, it doesn't
use any startup file in base-files, as you know it has its own set of 


and a couple of files under /etc/profile.d (as of 6.18.00-3).
So it is not easy for me to propagate this to tcsh. Regardless, it's probably 
my fault not having publicised enough that change to give tcsh, and
probably zsh and mksh (both can use /etc/their-own-startup-profile)
mantainers at least the chance to include it or complain.

If this setting is to be dropped, we'll go back to creating unsecure files
in /tmp under the described scenario (unless some other solution is implemented).

Huella de clave primaria: AD8F BDC0 5A2C FD5F A179  60E7 F79B AB04 5299 EC56

Attachment: signature.asc
Description: Digital signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]