This is the mail archive of the cygwin@sourceware.cygnus.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

RE: Feedback needed on proposed cygwin feature



On Thursday, 4 December 1997 12:31, cgf@bbc.com [SMTP:cgf@bbc.com]
wrote:
> In article <34856623.C5226DBC@twinspot.net>,
> Tomas Fasth  <tomas.fasth@twinspot.net> wrote:
> >Modifying the exe file "on-the-fly" for environmental settings is not
to
> >recommend. Two of the reasons I can think of is:
> >
> >* Security considerations in a multiuser / multiprocess environment.
> 
> What security considerations are there that are not also present with
> any other scheme, whether it is using extended attributes or setting
options
> in the registry?  You would have to have the right privileges to
change
> the binary.

Modification of binary files in a multi-user environment is not a good
thing.  The registry is there, you may as well use it.  Something I have
not yet seen mentioned is the fact that each user can have a separate
profile in the registry, making it easy for each user to have different
settings.  Modifying the binary might get just a little frustrating if
someone else keeps changing it to the way THEY like things (unless you
want to fill your hdd with multiple copies of executables)
Also, for a user to be able to modify a binary, they would need write
access to that binary.  I suspect this would cause nightmares for sys
admins, not to mention the possibility of adding back doors directly
into the binaries themselves.  I bet a normal user can't modify any of
the shell binaries in a standard Unix setup.

> 
> >* Will cause problem in environments with active virus protection.
> 
> How does a virus detection program detect the difference between
installing
> a new version of bash or changing a byte in the existing file?

SOME virus protection schemes are now including a mechansim whereby any
changes to an executable file will raise a warning.  Norman Anitvirus is
one in particular that I have used that does this.  It's a bit of a pain
if you forget to disable that feature before installing any new
software.  If that installation tries to upgrade, for example, a dll
file, as most of them seem to do these days, the Virus detection kicks
in and gives you a warning.

The same thing would apply to modification of the executables as
suggested here.


-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request@cygnus.com" with one line of text: "help".


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]