On Sep 17 13:59, David Sastre wrote: > Hello, > > Regarding the ITA of these packages, and the proposed patches, I have > some thoughts to share and discuss before I repackage them. > > 1 http://sourceware.org/ml/cygwin/2010-04/msg00521.html > case sensitivity of system32 dir (win7 and vista) > 2 http://cygwin.com/ml/cygwin/2010-02/msg00503.html > PS1 not inherited by interactive shells with a non interactive > ancestry > 3 http://sourceware.org/ml/cygwin/2010-05/msg00000.html > PS1 setting for *ksh shells > 4 Merging base-files and base passwd together. > 5 http://cygwin.com/ml/cygwin-developers/2010-09/msg00007.html > /home security problem > > 1 This is a simple fix, so it'd be applied. > > 2 This could be solved by redefinig the skeletal files for every shell > (more below). > > 3 This one might deserve some discussion: > Because of, as of now, the default shell in cygwin is bash, as I see it, > there are two possible approaches: > > a) base-files provides the skel defaults and profile.d/ for the bash shell > and delegates in the other shells' packages the way they want to set PS1, > and/or have /etc/${SYSTEM_WIDE_RC} and/or /etc/skel/.{USER_RC} and/or > /etc/profile.d/${CUSTOM_FILES} and/or update the alternatives system. > (bash->sh, tcsh->csh, mksh->ksh, etc...). > The same would apply for every shell (bash, mksh, tcsh, posh, dash). > This is currently the approach in the case of tcsh (except for > /etc/defaults/etc/profile.d/lang.csh) > > b) base-files provides skel defaults and profile.d customizations for > every shell (some are common: i.e. /etc/skel/.profile).
Tcsh is somewhat different from the other shells because it's using an entirly different script syntax. WHat's wrong with the proposed patch? The only problem I have with it is the fact that it uses tr and sed to find out what shell it's running in. There is probably a way to do this without starting more processes. Like this: read x < /proc/self/exename case "$x" in */bash) ... */dash|*/ash|*/sh) ... */ksh) ... */zsh) ... * ... > What do you people think? > > 4 Can we consider this? what are the circular dependencies in that scenario? > AFAICT, including base-passwd in base-files, and afterwards dropping > base-passwd dependencies anywhere else should be harmless. I agree with Chris. Let's keep them separate. I can imagine that the process to create default /etc/passwd and /etc/group files might change in the future (more intelligent, no such files at all, you name it), and there's no reason to change base-files in that case. > 5 As stated in the referenced thread, there is no way to prevent attackers > to create a user's home dir before she/he logins the first time other than > disallowing anyone but the Administrator to do that. > If the proposed workaround (issuing a warning if $HOME already exists and > is owned by someone else) is considered enough, I'll include it. > I haven't thought of anything better than that. It's good enough for a start. If we come up with a better solution, we can still change it, right? Thanks, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat