[ITA] - base-files base-passwd

Corinna Vinschen corinna-cygwin@cygwin.com
Fri Sep 17 16:47:00 GMT 2010 

On Sep 17 13:59, David Sastre wrote:
> Hello,
> 
> Regarding the ITA of these packages, and the proposed patches, I have
> some thoughts to share and discuss before I repackage them.
> 
> 1 http://sourceware.org/ml/cygwin/2010-04/msg00521.html
>   case sensitivity of system32 dir (win7 and vista)
> 2 http://cygwin.com/ml/cygwin/2010-02/msg00503.html
>   PS1 not inherited by interactive shells with a non interactive
>   ancestry
> 3 http://sourceware.org/ml/cygwin/2010-05/msg00000.html
>   PS1 setting for *ksh shells
> 4 Merging base-files and base passwd together.
> 5 http://cygwin.com/ml/cygwin-developers/2010-09/msg00007.html
>   /home security problem
> 
> 1 This is a simple fix, so it'd be applied.
> 
> 2 This could be solved by redefinig the skeletal files for every shell
> (more below).
> 
> 3 This one might deserve some discussion:
> Because of, as of now, the default shell in cygwin is bash, as I see it, 
> there are two possible approaches:
>   
>   a) base-files provides the skel defaults and profile.d/ for the bash shell 
>   and delegates in the other shells' packages the way they want to set PS1, 
>   and/or have /etc/${SYSTEM_WIDE_RC} and/or /etc/skel/.{USER_RC} and/or
>   /etc/profile.d/${CUSTOM_FILES} and/or update the alternatives system.
>   (bash->sh, tcsh->csh, mksh->ksh, etc...).
>   The same would apply for every shell (bash, mksh, tcsh, posh, dash).
>   This is currently the approach in the case of tcsh (except for
>   /etc/defaults/etc/profile.d/lang.csh)
>   
>   b) base-files provides skel defaults and profile.d customizations for 
>   every shell (some are common: i.e. /etc/skel/.profile).

Tcsh is somewhat different from the other shells because it's using
an entirly different script syntax.

WHat's wrong with the proposed patch?  The only problem I have with it
is the fact that it uses tr and sed to find out what shell it's running
in.  There is probably a way to do this without starting more processes.
Like this:

  read x < /proc/self/exename
  case "$x" in
    */bash)
      ...
    */dash|*/ash|*/sh)
      ...
    */ksh)
      ...
    */zsh)
      ...
    *
      ...


> What do you people think?
> 
> 4 Can we consider this? what are the circular dependencies in that scenario?
> AFAICT, including base-passwd in base-files, and afterwards dropping
> base-passwd dependencies anywhere else should be harmless.

I agree with Chris.  Let's keep them separate.  I can imagine that the
process to create default /etc/passwd and /etc/group files might change
in the future (more intelligent, no such files at all, you name it), and
there's no reason to change base-files in that case.

> 5 As stated in the referenced thread, there is no way to prevent attackers 
> to create a user's home dir before she/he logins the first time other than 
> disallowing anyone but the Administrator to do that. 
> If the proposed workaround (issuing a warning if $HOME already exists and 
> is owned by someone else) is considered enough, I'll include it. 
> I haven't thought of anything better than that.

It's good enough for a start.  If we come up with a better solution,
we can still change it, right?


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

More information about the Cygwin-apps mailing list