This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: CSIH file permission tests on non-NTFS broken (was Re: ssh-host-config script fails)


On Jul 31 00:53, Charles Wilson wrote:
> Corinna Vinschen wrote:
>>>> Eeek!  You're using FAT32 on a NT based OS?  This isn't such a good
>>>> idea, actually.  There's no security and no permission settings on FAT.
>>>> The csih script seems to miss the fact that the directory is on a
>>>> non-NTFS drive which isn't capable of setting permissions.  Given that
>>>> you're installing ssh, which is a paranoid secure playing package,
>>>> that's actually a good idea.  Ever thought of running convert.exe on
>>>> your drive? ;) 
>>>> Nevertheless that should be changed in csih.
>>> Could you have a look into this, please?
>
> I'm not sure what you think csih should do, here.  The whole point is that 
> we know services require certain things of the system directories, or they 
> won't work.  Are you suggesting that csih just ignore that, and pretend to 
> correctly install sshd on a FAT32 system?
>
> Only to have sshd itself fail for some hard-for-a-newbie-to-diagnose 
> reason?

Sshd won't fail on FAT32 since it checks the file system capabilities
before checking for strict permissions.

> Perhaps, rather than checking:
>    # daemons need access to subdirs, so need traverse permissions...
>    if ! csih_check_dir_perms "${LOCALSTATEDIR}" d..x..x..x ; then ERROR
>[...]
> in _csih_setup() (which is called by the main csih entry points), those 
> permission checks could be delegated to the foo_install scripts which know 
> more about their own specific requirements, rather than the fairly general 
> requirements above?
>
> Or are you saying that csih should still perform those general checks, but 
> first:
>    if the drive on which ${LOCALSTATEDIR} lives is
>      (1) FAT32
>      (2) nontsec
>      (3) on a server and nosmbntsec
>    then issue a big fat warning, and in that case skip the
>    permissions tests? What about 1.7 and the acl flag?

A check for non-NTFS should be sufficient for now, IMHO.  It's bad
enough to run an OS on such an insecure file system, but it's hard to
enforce upgrading to NTFS.  However, ntsec and smbntsec are dead in the
water and I don't think we should encourage usage of noacl more than
necessary, especially for sensitive services.

> ASIDE:
>    csih_check_basic_mounts
>    csih_check_sys_mount
> might need to be revisited for 1.7
>
> FYI, the other changes to csih that you requested are actually rather more 
> involved than you would suspect.  I've worked on it a bit, but haven't been 
> able to test it yet.  Stay tuned.

Ok, no worries,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
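The decision the thread argues about, as an added example (not csih's own code): find the file system a directory lives on, skip the strict permission test with a warning when that file system cannot hold POSIX permissions, and otherwise match the directory's mode string against a csih-style spec such as d..x..x..x (a dot is a wildcard, any other character must match). The mount table is a constructed sample in the format of Cygwin's `mount` output; the function names, the white list of file systems and the return codes are assumptions made here, and mount points containing spaces are not handled.

```sh
#!/bin/sh
# Added example, not part of csih. Constructed sample of `mount` output;
# a real script would call `mount` instead of using this string.
SAMPLE_MOUNTS='C:/cygwin on / type ntfs (binary,auto)
C:/cygwin/bin on /usr/bin type ntfs (binary,auto)
D: on /cygdrive/d type vfat (binary,posix=0,user,noumount,auto)
E: on /cygdrive/e type ntfs (binary,posix=0,user,noumount,auto)'

# fs_type_of PATH TABLE: print the fs type of the longest mount point
# that is a prefix of PATH (fields: dev "on" mountpoint "type" fstype ...).
fs_type_of() {
    printf '%s\n' "$2" | awk -v p="$1" '
        { mp = $3; fs = $5
          if (mp == "/" || p == mp || index(p, mp "/") == 1) {
              if (length(mp) > length(best)) { best = mp; best_fs = fs }
          } }
        END { print best_fs }'
}

# strict_perms_supported FSTYPE: 0 when the fs can store POSIX/ACL
# permissions. Assumed list; unknown types are treated as unsupported.
strict_perms_supported() {
    case "$1" in
        ntfs|nfs) return 0 ;;
        *)        return 1 ;;
    esac
}

# mode_matches MODE SPEC: MODE is an ls -ld style string (drwxr-xr-x),
# SPEC is a csih-style pattern where '.' matches anything.
mode_matches() {
    mode=$1; spec=$2
    [ "${#mode}" -ge "${#spec}" ] || return 1
    i=1
    while [ "$i" -le "${#spec}" ]; do
        s=$(printf '%s' "$spec" | cut -c"$i")
        m=$(printf '%s' "$mode" | cut -c"$i")
        case $s in
            .) ;;
            *) [ "$s" = "$m" ] || return 1 ;;
        esac
        i=$((i + 1))
    done
    return 0
}

# live_mode DIR: the mode string of a real directory (for use outside tests).
live_mode() {
    ls -ld "$1" | cut -c1-10
}

# check_dir DIR SPEC MODE TABLE: 0 = permissions ok, 1 = permissions wrong,
# 2 = test skipped because the fs cannot represent them (warning on stderr).
check_dir() {
    dir=$1; spec=$2; mode=$3; table=$4
    fs=$(fs_type_of "$dir" "$table")
    if ! strict_perms_supported "$fs"; then
        echo "WARNING: $dir is on '$fs', which has no POSIX permissions;" \
             "skipping the permission test" >&2
        return 2
    fi
    mode_matches "$mode" "$spec"
}

# Stand-alone run: the sshd traverse requirement quoted in the thread.
check_dir /var d..x..x..x drwxr-xr-x "$SAMPLE_MOUNTS" && echo "/var ok"
check_dir /cygdrive/d/var d..x..x..x drwxr-xr-x "$SAMPLE_MOUNTS" || echo "status $?"
```

Passing the mode string in explicitly keeps the policy testable without touching the disk; in a real installer `check_dir "$dir" "$spec" "$(live_mode "$dir")" "$(mount)"` would be the call. The warning-and-skip branch is the behaviour Corinna suggests above; it does not make the install any safer on FAT, it only stops csih from failing for a reason the user cannot fix with chmod.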

