This is the mail archive of the cygwin-xfree@cygwin.com mailing list for the Cygwin XFree86 project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

nt domain security issues with cygwin dll 1.3.13-2

From: David Meleedy <david dot meleedy at analog dot com>
To: cygwin-xfree at cygwin dot com
Date: Tue, 22 Oct 2002 07:15:21 -0400
Subject: nt domain security issues with cygwin dll 1.3.13-2
Reply-to: cygwin-xfree at cygwin dot com

this is FYI, a startx problem that ends up being
an NT domain issue.

I had reported a problem where startx was failing due to
the X server not accepting connections.  It was pointed
out to me that from 1.3.12-4 to 1.3.13-2, the ntsec
option was on by default and this would affect NT domain
machines (which is what I am using on my Windows 2000 machine).

So here is the symptoms of the problem on a UID basis:

DMELEEDY-D01-13: id
uid=500(AdiPcAdmin) gid=544(Administrators) groups=544(Administrators)
DMELEEDY-D01-14: touch foo
DMELEEDY-D01-15: ls -l foo
DMELEEDY-D01-16: ls -l foo
-rw-r--r--    1 7469 Administ        0 Oct 22 03:41 foo

As you can see, with 1.3.13-2, the file is owned by UID "7469" not
500.

If I revert to the old dll, 1.3.13-2, the same file (not recreated):

DMELEEDY-D01-3: ls -l foo
-rw-r--r--    1 AdiPcAdm Administ        0 Oct 22 03:41 foo

has the correct file permissions.

So it was suggested that I use, mkpasswd to fix the problem.
The problem with this is that my machine was set up by my
corporation to use an NT domain, but it would not be connected
to that domain unless I use VPN.  So without VPN running, this
is what happened:

DMELEEDY-D01-1: mkpasswd -d -u AdiPcAdm
mkpasswd: [2453] Could not find domain controller for this domain

So then I connected with VPN to see if I could do it after that:

DMELEEDY-D0102: mkpasswd -d -u AdiPcAdm
mkpasswd: [2221] The user name could not be found.

Now this machine was set up with it's own local domain, so that
is probably why it couldn't find the domain controller in the first
case, and then in the 2nd case the domain controller didn't
know anything about my local accounts.

So, another problem I saw is when I reinstalled cygwin with the new
dll, some files weren't being created properly, I remember seeing
flashing by something about permissions not being correct to create
the /var/spool/texmf/ls-R file, and indeed that file is 0 bytes long.

So other than preventing "startx" from working, this is breaking
the basic install process for other packages as well.

What can be done to fix this?

Is there a way to shut off ntsec so I can get things working with the new dll?

Please let me know if I can supply you with any further
information.  Also, I will be glad to help debug any tests
you may set up.  Just tell me the details of how to download
any test code.

Thanks,

-Dave

________________________________________________________________________
David Meleedy				Analog Devices, Inc.
David.Meleedy@analog.com		Three Technology Way
Phone: 617 461 3494			Norwood, MA  02062-9106  USA

Follow-Ups:
- RE: nt domain security issues with cygwin dll 1.3.13-2
  - From: Harold L Hunt II

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]