base-files: New files to fix permission issues (was Re: 1.7.10/1.7.11: .Net programs started from a cygwin console may fail.)
Eric Blake
eblake@redhat.com
Fri Mar 2 11:59:00 GMT 2012

On 03/02/2012 03:46 AM, Corinna Vinschen wrote:
> On Mar 1 11:08, Corinna Vinschen wrote:
>> # Fix a problem introduced by older versions of setup.exe
>> [...]
>
> David, ping? Can we add the below two files to base-files asap and
> remove the tmp/temp workaround, please?
>
> /etc/profile.d/1777fix.csh:
>
> #!/bin/tcsh
> # Fix a problem introduced by older versions of setup.exe
> # Read comments in /etc/profile.d/1777fix.sh for more information.
> set GUARDFILE = "/etc/.1777fix"
> if ( ! -f "${GUARDFILE}" ) then
>   /bin/bash /etc/profile.d/1777fix.sh
> endif
>
> /etc/profile.d/1777fix.sh:
>
> #!/bin/bash

As long as we're requiring bash,...

> # Fix a problem introduced by older versions of setup.exe
> # Directories with 1777 permissions were erroneously created
> # with 777 inheritable default permissions. This is a security
> # problem for non-Cygwin apps using these folders. This is
> # especially tragic in case of /tmp.
> GUARDFILE="/etc/.1777fix"
> DIRLIST="/home /tmp /usr/tmp /var/log /var/run"
> if [ ! -f "${GUARDFILE}" ]
> then
>   cnt=0
>   success=0
>   for file in ${DIRLIST}
>   do
>     # We test if the default group or other permissions are rwx.
>     # If so, it's dangerous and highly likely that these are still
>     # the permissions set by setup.exe
>     if getfacl "${file}" | grep -Eq 'default:(group:|other):rwx'

Is it worth converting this to case/esac for one fewer child process?

>     then
>       cnt=$(expr $cnt + 1)

...this should be written cnt=$((cnt + 1))

>       setfacl -m d:g::r-x,d:o:r-x "${file}" 2>/dev/null \
>       && success=$(expr $success + 1)

and this as success=$((success + 1))

>     fi
>   done
>   # If no file needed treatment, or if all setfacl calls succeeded,
>   # create the

Incomplete comment.

>   [ $cnt -eq $success ] && touch "${GUARDFILE}"
> fi
>
>
> Thanks,
> Corinna
>
--
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
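
The review points above, put together in one place as an added example that is not part of the thread or of base-files: the default-ACL check done with case/esac instead of a grep child process, and the counters kept with $(( )) instead of expr. The names GETFACL, SETFACL, has_open_default_acl and fix_default_acls are assumptions of this sketch, introduced so the logic can be exercised without touching real ACLs.

```shell
#!/bin/bash
# Added example: the detection loop of 1777fix.sh with the review points
# applied (case/esac instead of grep, $(( )) instead of expr).
# GETFACL, SETFACL and both function names are assumptions of this sketch.
GETFACL=${GETFACL:-getfacl}
SETFACL=${SETFACL:-setfacl}

# Succeeds when the ACL text holds an rwx default entry for group or other,
# the same substrings the grep -E pattern in the thread matches.
has_open_default_acl() {
  case $1 in
    *default:group::rwx* | *default:other:rwx*) return 0 ;;
  esac
  return 1
}

# Tightens the default ACL of each directory that needs it, prints
# "fixed/needed", and succeeds only if every needed fix was applied,
# which is the condition for creating the guard file.
fix_default_acls() {
  local dir acl cnt success
  cnt=0
  success=0
  for dir in "$@"
  do
    # If getfacl fails, the directory is skipped and not counted.
    acl=$("$GETFACL" "$dir" 2>/dev/null) || continue
    if has_open_default_acl "$acl"
    then
      cnt=$((cnt + 1))
      "$SETFACL" -m d:g::r-x,d:o:r-x "$dir" 2>/dev/null \
        && success=$((success + 1))
    fi
  done
  printf '%s/%s\n' "$success" "$cnt"
  [ "$cnt" -eq "$success" ]
}

# Usage, mirroring the script in the thread:
#   fix_default_acls /home /tmp /usr/tmp /var/log /var/run >/dev/null \
#     && touch /etc/.1777fix
```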