login -p disabling leads to Windows failures -- as it expects its ENV to remain instact for new processes

Linda Walsh cygwin@tlinx.org
Wed Oct 8 22:08:00 GMT 2014


Eric Blake wrote:
> On 10/08/2014 01:55 PM, Linda Walsh wrote:
>   
>> I get this message the 1st time logging in via 'rlogin':
>>     
>
> You do realize, of course, that rlogin is a security hole, and that you
> really ought to consider using something more secure like ssh if you are
> trying to use it outside the boundaries of a heavily-firewalled intranet?
> http://cc-ipcp.icp.ac.ru/Section1.2.html
>   
No, ??? security hole?  Depends on your security policy.   People cannot 
talk about rlogin
being a "security hole" -- only in the context of specific usage.

"/bin/sh" "is a security hole" under the wrong security policy...  It's 
not the program,
but how it is used!  Don't blame the poor program!  ;-)


In any event, only local-subnet, non-routable hosts are in the ".rhosts". 
Had problems making localhost work, but might try again....

I'm trying to use it to login from the same machine into itself.

and heavily-firewalled?... um...
not exactly, but it isn't on the internet (has to use an http-proxy to 
get out)...

Theoretically, a tunnel could be created through the proxy (http or 
socks), that
could allow someone to run the command to access the local host. or if I ran
MS's TCP6 helper that sets up connectivity through firewalls via proxies
automatically when you get win7 out of the box (not sure about sp1.. 
might have
made it non-default)...

But....the real problem is "login"...

Corinna "corrupted" the cygwin version:

       -p     Used by getty(8) to tell login not to destroy  the  
environment.
              This is disabled in the Cygwin version.

---
Thus I log in, but random things fail because standard Windows security
environment that windows expects to be there, ISN'T.


...even cygwin uses many of these vars to setup the user's environment.

Things like:

Path after cygwin clears it:
 (Note, since windows loads it's libraries via the PATH, Note Windows
dirs are not in path:

PATH=/Users/law.Bliss/bin/lib:/usr/sbin:.:/prog64/vim:/usr/bin:/sbin:/prog

(Normal path using a console window:

>  echo $PATH
/Users/law.Bliss/bin/lib:/usr/sbin:.:/prog64/vim:/usr/bin:/sbin:/prog/sysinternals/cmd:/prog/sysinternals:/Windows/system32:/Windows:/Windows/System32/Wbem:/Windows/System32/WindowsPowerShell/v1.0:/Prog/Common 
Files/DivX Shared:/Prog/NVIDIA Corporation/PhysX/Common:/Prog64/VanDyke 
Software/Clients:/Prog64/NVIDIA GPU Computing 
Toolkit/CUDA/v4.0/bin:/Prog/NVIDIA Corporation/Cg/bin:/Prog/NVIDIA 
Corporation/Cg/bin.x64:/Prog/QuickTime:/Prog/Microsoft SQL 
Server/110/Tools/Binn:/Prog/Microsoft SQL Server/110/DTS/Binn:/Program 
Files/Microsoft SQL Server/110/Tools/Binn:/Prog/Microsoft SQL 
Server/110/DTS/Binn:/Users/law.Bliss/bin:/usr/local/bin:/etc/local/func_lib

---

If cygwin wants to clear env and start with an unchanged copy
out of the registry, that's fine... but leaving them (there were about
2x more than I list below) out make many programs
 designed for cygwin (on windows), fail like:

bin/dumphive: line 11: USERPROFILE: unbound variable
3564 (process ID) old priority 19, new priority 19
bin/dumphive: line 11: USERPROFILE: unbound variable

Root has problems getting any shell:

>  rlogin -l root athenae
Password:
rlogin: connection closed.
>  rlogin -l Bliss\\root athenae
Password:
cygwin warning:
  MS-DOS style path detected: 
/Windows/System32/cygwin/usr/spool/mail/Bliss/root
  Preferred POSIX equivalent is: 
/Windows/System32/cygwin/usr/spool/mail/Bliss/root
  CYGWIN environment variable option "nodosfilewarning" turns off this 
warning.
  Consult the user's guide for more details about POSIX paths:
    http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
rlogin: connection closed.

--- There's that warning again...


missing vars:


ALLUSERSPROFILE=C:\ProgramData                                            
APPDATA=C:\Users\law.Bliss\AppData\Roaming                                 
                         
CLASSPATH=.;"C:\Prog\Java\jre7\lib\ext\QTJava.zip";C:\Program Files (x86)\
COMMONPROGRAMFILES=C:\Program Files\Common Files                          
CYGWIN=system nodosfilewarning winsymlinks:native export                  
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files               
HISTFILE=/Users/law.Bliss/.histAthenae_cons0                              
HOMEDRIVE=C:                                                              
HOMEPATH=\Users\law.Bliss                                                 
LOCALAPPDATA=C:\Users\law.Bliss\AppData\Local                             
LOGONSERVER=\\ISHTAR                                                      
OS=Windows_NT                                                             
PATH=/Users/law.Bliss/bin/lib:/usr/sbin:.:/prog64/vim:/usr/bin:/sbin:/prog
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC             
PROGRAMFILES=C:\Program Files                                             
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\          
PUBLIC=C:\Users\Public                                                    
ProgramData=C:\ProgramData                                                
ProgramFiles(x86)=C:\Program Files (x86)                                  
ProgramW6432=C:\Program Files                                             
QTJAVA=C:\Program Files 
(x86)\Java\jre6\lib\ext\QTJava.zip                                               

SESSIONNAME=Console                    
SHELL=C:/Bin/Bash.exe                  
SYSTEMDRIVE=C:                         
TEMP=/tmp
TERM=cygwin    
TMP=/tmp
USERDOMAIN=Bliss
USERDOMAIN_ROAMINGPROFILE=Bliss
USERNAME=law   
USERPROFILE=C:\Users\law.Bliss 
VIMRUNTIME=C:/Prog64/Vim



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list