[ITA] inetutils-1.5-1

Charles Wilson cygwin@cwilson.fastmail.fm
Wed Mar 5 03:29:00 GMT 2008


Okay, this is round #2.  New packages are here:

http://cygwin.cwilson.fastmail.fm/ITP/inetutils-1.5-2.tar.bz2
http://cygwin.cwilson.fastmail.fm/ITP/inetutils-1.5-2-src.tar.bz2

Now depends on csih, so new setup.hint (with trimmed-down ldesc):

===== setup.hint =====
sdesc: "Common networking clients and servers"
ldesc: "inetutils provides common networking clients and
servers, including the inetd super-server, telnetd and
telnet, ftpd and ftp, rshd and rsh, rlogind and rlogin,
talkd and talk, tftpd and tftp, rexecd (but no rexec),
uucpd (but no uucp client), rcp, and syslogd."
category: Net
requires: cygwin terminfo csih
===== setup.hint =====

Changes since last post:
1) all inetd.conf services are disabled by default (but do not 
explicitly reference tcpd/tcp_wrappers).

NOTE: I decided NOT to make iu-config super-smart.  It does NOT
   a) ask about each service and offer to enable/disable it, NOR
   b) automagically update existing inetd.conf files from referencing 
"in.telnetd" to "telnetd".
In both cases, the reason was: no matter how smart I make iu-config, the 
pre/postinstall scripts will never be able to tell if inetd.conf was 
"automatically" modified, or manually modified -- and "different" means 
"never updated from new /etc/defaults/".  I figured THAT was a worse 
outcome than simply requiring:
   c) if you've already manually modified inetd.conf, you need to do so 
again, or
   d) if you want something different than the default behavior, you 
should manually establish it.

2) incorporated Corinna's security patch for rcpd (from 1.3.2-40). Also 
applied a similar fix to rexecd.

3) updated inetutils.OLD-README to 1.3.2-40's README (from 1.3.2-37).

4) preparing for disabling --install-as-service option. It's not 
disabled YET, but all it will take is a single #define and it's gone.

5) other documentation updates, related to these changes. Also, 
officially deprecated the "install as a service on its own (e.g. 
--install-as-service).  It will (always?) allow operation in this mode 
if already installed, but eventually the --install-as-service will go 
away, leaving only cygrunsrv and init as viable mechanisms.

6) inetd.exe from 1.5-2 will honor inetd.exe-1.3.2's registry key, if 
present.  This only applies if inetd-1.3.2 had previously been installed 
as a service using --install-as-service.

7) rewrote iu-config to use csih facilities -- also, now offers to 
install inetd as a service (via cygrunsrv). Note the -p option, which 
allows on NT/2k/XP systems to use a special privileged user, just like 
on WinServer2003/2008/Vista/etc.
http://cygwin.cwilson.fastmail.fm/ITP/iu-config

8) rewrote syslogd-config to use csih facilities
http://cygwin.cwilson.fastmail.fm/ITP/syslogd-config

9) new motd <g>

New problems:
=============================
While testing the csih privileged user stuff (and the iu-config -p 
option), I found that while inetd was perfectly happy to run under the 
privileged user, some of the slave servers (ftpd, rshd, ...) did not 
operate as well as they did under LocalSystem.

In particular, I couldn't even log in using ftpd. rshd did not honor 
.rhosts settings -- but did authenticate with password.  Telnetd was 
fine.  I think these have to do with hardcoded "ROOT_UID" stuff. 
Sergey's original port simply substituted root tests like:

   if (!uid) { ... }

with

   #ifdef __CYGWIN__
   #define ROOT_UID 18
   #else
   #define ROOT_UID 0
   #endif

   if (uid == ROOT_UID) { ... }

Obviously, that's no good with special privileged users (and would also 
break if we started using NetworkService or LocalService accounts).

These issues are, as far as I know, also present in the existing 1.3.2-X 
series, so they are not regressions, and probably shouldn't prevent 
uploading 1.5-2 as an "official" *test* release -- assuming the 
necessary approvals and GTGs for this 1.5-2 packageset and for the new 
csih package are forthcoming...

I'll look into fixing these newly discovered issues with the slave 
servers in -3 or later -- suggestions as to the "correct" fix?  Should I 
create a special function "accountHasRootLikeCapabilities(some uid)" and 
use that? What would this function look like?

--
Chuck



More information about the Cygwin-apps mailing list