scenario: no registry access, C:\ locked out

Andrew Patrzalek apatrza1@rochester.rr.com
Tue Jun 20 18:47:00 GMT 2000


----- Original Message -----
From: "Chris Faylor" <cgf@cygnus.com>
To: <cygwin-developers@sourceware.cygnus.com>
Sent: Tuesday, June 20, 2000 9:02 PM
Subject: Re: scenario: no registry access, C:\ locked out


> On Tue, Jun 20, 2000 at 09:01:41PM -0400, Andrew Patrzalek wrote:
> >System administrators are allowed to access the registry to change it, a
> >non-privileged user is not.  For instance, work stations on many networks
> >are locked out, for various reasons, preventing a non-privileged user
from
> >running regedit to alter the registry. However, another partition, say
d:\,
> >is allowed for use by this user for programs which don't require the
> >registry for running. This is where cygwin can really shine, 32-bit
> >executables, no registry needed. Programs can be compiled, tested and
> >demonstrated without violating network restrictions and commitments.
>
> Are you saying that there is a scenario where someone implements registry
> security by locking out regedit but any other program (i.e., cygwin) is
> able to write to the registry?  That doesn't sound like a very secure
> system.

The security level is intended to deter not abolish.

>
> If, on the other hand, the registry is completely locked from being
> written then I don't understand how cygwin comes into play. I don't
> know what a partition has to to with the registry either.  Are you
> saying that the disk holding the Windows directory is write-locked?
>
Not in the sense that all programs a not allowed to write to it, only
attempts from an non-privileged group are.

> Can you give a specific example of something you'd like to see changed
> in Cygwin?  Are you saying that it should not read the mount table
> from the registry?  Or, that the user should not be able to write to the
> mount table?  Those are the only two instances that I can think of where
> cygwin normally accesses the registry.  There are a couple of other minor
> cases but they are not common.
>
> cgf
Writing to the mount table is permitted within a users profile, as I
mentioned, another partition, the example being d:\, is accessible.  These
last two sentences may answer my question, if these imply your perspective
on how much the project will rely on MSWindows registry.
    I am concerned that future development may start to rely on the registry
more. For instance, one distribution of Cygwin used a canned install program
that when used on such a workstation would not allow installation to
progress since it had to install to C:\ as the root directory and not allow
installs to another partition, D:\.  I realize this is not due to
cygwin1.dll just the install programs rigidity, but it demonstrates a
hazardous mindset.
   Just to re-iterate, this is somewhat a question involving the goals of
cygwin.  I have recently read postings, such as one just recently, about
altering the registry to extend cygwin's applicability.  If cygwin is an
exercise in developing the MSWindows environment that is one thing. If
cygwin is allowing more exposure the *nix world, that's another. There are
benefits in either environment, but "long live the difference".
   The short answer is that if you don't see Cygwin invading the registry
more than it already has, this, to me, is a good thing.  If this is not true
then I see problems ahead.



More information about the Cygwin-developers mailing list