This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Recent security improvements breaks proftpd


Pierre,

On Thu, Sep 18, 2003 at 07:34:14PM -0400, Pierre A. Humblet wrote:
> When you (being in Administrators, but with gid 10513) sign in
> through proftp, your supplementary groups (including Admins) are 
> stripped by setgroups(0, NULL). Consequently you loose access to
> your own mount table.

Bingo!  I just changed my (primary) gid to 544 and I can ftp now.

> So the root cause is old and not related to recent changes. 
> sec_none is used a lot in Cygwin. It should either be redefined 
> to include the user, or the default DACL in the process access
> token should be set to something sensible when starting Cygwin.
> I will come up with a long term solution.

Let me know if you need some help with testing.

Thanks,
Jason

-- 
PGP/GPG Key: http://www.tishler.net/jason/pubkey.asc or key servers
Fingerprint: 7A73 1405 7F2B E669 C19D  8784 1AFD E4CC ECF4 8EF6


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]