Re: The eternal uid issue

2014-07-31 Thread D. Boland
Corinna Vinschen wrote: On Jul 29 15:36, D. Boland wrote: Corinna Vinschen wrote: The permissions of the home folder are set to 01777 by default (S_ISVTX bit!). Since we can't rely on central administration for Cygwin, this allows a user to create her own homedir automatically at

Re: The eternal uid issue

2014-07-30 Thread Corinna Vinschen
On Jul 29 15:36, D. Boland wrote: Corinna Vinschen wrote: The permissions of the home folder are set to 01777 by default (S_ISVTX bit!). Since we can't rely on central administration for Cygwin, this allows a user to create her own homedir automatically at first start of a Cygwin shell.

Re: The eternal uid issue

2014-07-29 Thread D. Boland
Corinna Vinschen wrote: The permissions of the home folder are set to 01777 by default (S_ISVTX bit!). Since we can't rely on central administration for Cygwin, this allows a user to create her own homedir automatically at first start of a Cygwin shell. You might consider disabling this

Re: The eternal uid issue

2014-07-28 Thread Corinna Vinschen
On Jul 28 10:07, D. Boland wrote: Corinna Vinschen wrote: On Jul 24 23:42, D. Boland wrote: [...] If I have Sendmail running in preferred mode (main program as cyg_server, children running as 'smmsp', removed from admin group), stat returns the wrong mode (rwxrwxrwx). As a

Re: The eternal uid issue

2014-07-28 Thread D. Boland
Hi Corinna, Corinna Vinschen wrote: Still, are you using setuid method 1 or another method? Is your home dir the default /home/$USER as created from inside the Cygwin environment? Any chance your home dir has an unusual ACL? Did you set up sshd as service? If not, you might consider to

Re: The eternal uid issue

2014-07-28 Thread Corinna Vinschen
On Jul 28 13:42, D. Boland wrote: Hi Corinna, Corinna Vinschen wrote: Still, are you using setuid method 1 or another method? Is your home dir the default /home/$USER as created from inside the Cygwin environment? Any chance your home dir has an unusual ACL? Did you set up sshd

Re: The eternal uid issue

2014-07-28 Thread Corinna Vinschen
On Jul 28 13:53, Corinna Vinschen wrote: On Jul 28 13:42, D. Boland wrote: Thanks again for your help. I will announce the Sendmail release soon. Thanks, but you need to send an ITA to cygwin-apps first. s/ITA/ITP/ Sorry, Corinna

Re: The eternal uid issue

2014-07-25 Thread Corinna Vinschen
On Jul 24 23:42, D. Boland wrote: [...] Sendmail checks if the user's home directories are group- or world writable. It does this with 'stat'. If Sendmail is running in 'crude' mode (main program and children running as the Sendmail 'smmsp' user, made admin), stat returns the right file mode

Re: The eternal uid issue

2014-07-25 Thread Corinna Vinschen
On Jul 25 14:42, Corinna Vinschen wrote: On Jul 24 23:42, D. Boland wrote: [...] Sendmail checks if the user's home directories are group- or world writable. It does this with 'stat'. If Sendmail is running in 'crude' mode (main program and children running as the Sendmail 'smmsp' user,

Re: The eternal uid issue

2014-07-25 Thread D. Boland
Corinna Vinschen wrote: Oh, hang on. Is this using the default setuid method 1 and is your home dir on a remote share, by any chance? No. All file locations are local (C:\). I'll send you the output later on.

Re: The eternal uid issue

2014-07-24 Thread D. Boland
Hi Corinna, Thanks for the reply. Corinna Vinschen wrote: On Jul 23 13:35, D. Boland wrote: Corinna Vinschen wrote: Not in relation to the uid. In contrast to Linux we don't have the one single root user. We have potentially endless numbers of them, and one of them, not

Re: The eternal uid issue

2014-07-24 Thread D. Boland
Hi Christopher, Thanks for your reply. Christopher Faylor wrote: On Wed, Jul 23, 2014 at 08:08:07PM +0400, Andrey Repin wrote: Greetings, D. Boland! Cygwin security will be done for in the long run. Why not make the leap and show MS admins/developers how it should be done? You really

Re: The eternal uid issue

2014-07-24 Thread Andrey Repin
Greetings, D. Boland! What I meant was that MS decided to take away impersonation privileges from the SYSTEM user, without educating admins/developers about the new model or alternatives for SYSTEM. There's no model, there's rights or capabilities, or privileges. I searched the web

Re: The eternal uid issue

2014-07-24 Thread Corinna Vinschen
On Jul 24 08:52, D. Boland wrote: In your previous mail, you propose the following function to check for 'root' privileges, which an upstream maintainer could put in his code: int is_admin (uid_t uid) { #ifdef __CYGWIN__ return [getgrouplist(uid, ...) contains group 544]; #else [other

Re: The eternal uid issue

2014-07-24 Thread D. Boland
Hi Corinna, Corinna Vinschen wrote: But this only introduces a new function which she has to put into multiple locations of the original code. So again, why not just modify the 'getuid' function in cygwin1.dll to return '0' if the current user is actually SYSTEM or one of the

Re: The eternal uid issue

2014-07-24 Thread Jeffrey Altman
On 7/24/2014 5:42 PM, D. Boland wrote: Hi Corinna, Corinna Vinschen wrote: But be careful. Just because there are multiple users with admin permissions, that doesn't mean they all want their mail in the same mailbox for user 0... Things are actually worse than Corinna and others have

The eternal uid issue

2014-07-23 Thread D. Boland
Hi Cygwin lovers, After some weeks of serious compiling, researching, understanding, fixing, testing and compiling again, I managed to get the Sendmail source code compiled and working. But I had to compromise in some critical areas. One of them is the uid issue. * sendmail, procmail,

Re: The eternal uid issue

2014-07-23 Thread Linda Walsh
D. Boland wrote: But I had to compromise in some critical areas. One of them is the uid issue. * sendmail, procmail, mail.local assume that the id of the privileged user is '0'. Isn't it about time to make this our First Directive also? I thought sendmail used capabilities? Isn't it

Re: The eternal uid issue

2014-07-23 Thread D. Boland
Linda Walsh wrote: D. Boland wrote: But I had to compromise in some critical areas. One of them is the uid issue. * sendmail, procmail, mail.local assume that the id of the privileged user is '0'. Isn't it about time to make this our First Directive also? I thought sendmail

Re: The eternal uid issue

2014-07-23 Thread Corinna Vinschen
On Jul 23 10:06, D. Boland wrote: Hi Cygwin lovers, After some weeks of serious compiling, researching, understanding, fixing, testing and compiling again, I managed to get the Sendmail source code compiled and working. But I had to compromise in some critical areas. One of them is the

Re: The eternal uid issue

2014-07-23 Thread D. Boland
Hi Corinna, Corinna Vinschen wrote: Isn't it about time to make this our First Directive also? Not in relation to the uid. In contrast to Linux we don't have the one single root user. We have potentially endless numbers of them, and one of them, not necessarily SYSTEM, is used to run

Re: The eternal uid issue

2014-07-23 Thread Larry Hall (Cygwin)
On 07/23/2014 07:35 AM, D. Boland wrote: snip It actually is my solution to running Sendmail: create the Sendmail user, called 'smmsp' and make it an Administrator, so it can impersonate users on my system. But I don't like my solution, because this would mean I have to create an admin-user

Re: The eternal uid issue

2014-07-23 Thread Corinna Vinschen
On Jul 23 13:35, D. Boland wrote: Corinna Vinschen wrote: Not in relation to the uid. In contrast to Linux we don't have the one single root user. We have potentially endless numbers of them, and one of them, not necessarily SYSTEM, is used to run the service. Keep in mind that there

Re: The eternal uid issue

2014-07-23 Thread Andrey Repin
Greetings, D. Boland! Hi Corinna, Corinna Vinschen wrote: Isn't it about time to make this our First Directive also? Not in relation to the uid. In contrast to Linux we don't have the one single root user. We have potentially endless numbers of them, and one of them, not necessarily

Re: The eternal uid issue

2014-07-23 Thread Christopher Faylor
On Wed, Jul 23, 2014 at 08:08:07PM +0400, Andrey Repin wrote: Greetings, D. Boland! Cygwin security will be done for in the long run. Why not make the leap and show MS admins/developers how it should be done? You really think they are all idiots?... Like, really? Sure, why not. MS