This is the mail archive of the cygwin-developers mailing list for the Cygwin project.



Re: /home security problem


On Sep  3 19:45, Andy Koppe wrote:
> On 3 September 2010 03:04, Dave Korn wrote:
> > On 02/09/2010 22:22, Andy Koppe wrote:
> >
> >> The /home directory has rwxrwxrwt rights. This allows anyone to create
> >> directories and files in /home, but due to the 'sticky' bit
> >> represented by the 't' at the end, only directory/file owners can
> >> delete them. So this allows /etc/profile to create a user's home
> >> directory, without allowing users to remove other users' home
> >> directories.
> >>
> >> Trouble is, users can create directories with any name in /home,
> >> including directories with the name of another user who hasn't yet
> >> logged in. When that user eventually does log in, (s)he'll end up with
> >> a home directory owned by someone else. This even works for
> >> administrators, i.e. I ended up being able as an ordinary user to
> >> delete files in an administrator's home directory.
> >>
> >> I've got no idea how to fix that short of changing the /home
> >> permissions to 775 and hence requiring an administrator to create any
> >> home directories (which of course is what happens on Linux).

The problem is that in a Cygwin installation it's expected that every
user creates its own home dir on first start of the shell.

In theory we would have to remove the "for all/just me" choice in
setup.exe and always install as admin.  However, for the home dir that
means that a user only can have a home dir if an admin created it first.
That's ok for Linux, but how is that supposed to work for Cygwin?  We
don't even have tools like useradd, usermod, etc, and many installations
of Cygwin are only tolerated by admins because they don't have to care.

> >
> > We could restructure the logic in /etc/profile to do something like
> >
> >   if [ $HOME already exists ]
> >     if [ $HOME owner uid != $user uid ]
> >       issue warning and rename bogus home dir aside
> >     fi
> >   fi
> >
> > just before the current
> >
> >   if [ $HOME doesn't exist ]
> >     copy it from /etc/skel, issuing the standard first-run message.
> >   fi
> >
> > bit. (Sorry pseudocode only.)
> 
> Good idea. I see bash has a built-in test for whether a file belongs
> to the current user (-O file), so this could probably be done without
> incurring another fork.

Sounds like a helpful workaround.  John?  Any chance you can tweak
/etc/profile accordingly?


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
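
The check proposed in this thread (test ownership of $HOME with the shell's built-in -O before the first-run copy from /etc/skel), written out as an added example; it is not the Cygwin /etc/profile and not code from any poster. The names `ensure_home` and `owned_by_me`, the `.bogus.<pid>` suffix and the messages are assumptions.

```shell
# Added example, not the actual Cygwin /etc/profile.
# owned_by_me (hypothetical helper) wraps the built-in -O test, which is
# true when the file is owned by the effective uid; no fork is needed.
owned_by_me() { [ -O "$1" ]; }

# ensure_home HOME_DIR SKEL_DIR   (hypothetical function name)
# Returns 0 only if HOME_DIR ends up existing and owned by the caller.
ensure_home() {
    eh_home=$1 eh_skel=$2
    # -L also catches a dangling symlink planted under the user's name
    if [ -e "$eh_home" ] || [ -L "$eh_home" ]; then
        if owned_by_me "$eh_home"; then
            return 0                      # normal case: nothing to do
        fi
        eh_aside="$eh_home.bogus.$$"
        echo "WARNING: $eh_home is not owned by you; moving it to $eh_aside" >&2
        # The rename can fail: with the sticky bit on the parent, only the
        # entry's owner or the parent directory's owner may rename it.
        if ! mv -- "$eh_home" "$eh_aside"; then
            echo "ERROR: cannot move $eh_home aside; refusing to use it" >&2
            return 1
        fi
    fi
    # First run. Plain mkdir (no -p) fails if someone re-created the
    # directory in the meantime, so a planted directory is never adopted.
    mkdir -m 700 -- "$eh_home" || return 1
    if [ -d "$eh_skel" ]; then
        cp -R -- "$eh_skel/." "$eh_home/" || return 1
    fi
    echo "Created $eh_home from $eh_skel" >&2   # constructed first-run message
    owned_by_me "$eh_home"
}
```

A caller would run `ensure_home "$HOME" /etc/skel` and, on a non-zero return, avoid reading any startup files from that directory.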

