This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.
RE: cygwin (rm -rf) ignores windows2000 security
- To: "Ian Sidle" <macmouse4 at yahoo dot com>,<cygwin at cygwin dot com>
- Subject: RE: cygwin (rm -rf) ignores windows2000 security
- From: "Robert Collins" <robert dot collins at itdomain dot com dot au>
- Date: Tue, 18 Sep 2001 09:59:59 +1000
My 2c is that the c:/ directory still has everyone:full. That will allow
any user, with or without cygwin, to delete all child directories. (Deleting
a file requires write to the directory it is in; deleting a directory
requires write to the directory above.)
Rob
> -----Original Message-----
> From: Ian Sidle [mailto:macmouse4@yahoo.com]
> Sent: Tuesday, September 18, 2001 10:06 AM
> To: cygwin@cygwin.com
> Cc: macmouse4@yahoo.com
> Subject: cygwin (rm -rf) ignores windows2000 security
>
>
> Rather interesting...
>
> I am helping set up a lab of windows 2000 machines, for
> programming. We previously were using linux/unix
> machines but the district is FORCING us to use windows
> 2000... although they don't have the equipment needed
> for the move.. So we are still using the linux servers
> via telnet.. ::deep sigh:: don't get me started...
>
> Anyway, as a perhaps semi-evil solution would be to
> use cygwin. Specifically for gcc programming, and can
> use the jdk from sun with the built in stuff (and
> inside cygwin as well, for those who want vi, etc).
> Using cygwin would be MUCH more preferred (not to
> mention cheaper, less training, work, etc) than using
> Borland...
>
> So I've been setting up an image which we would then
> put on the machines. So on it I install java, win2k
> updates, etc. Then put cygwin on (as administrator). I
> had inadvertently stumbled across the problem, when I had
> forgotten I wasn't administrator.
>
> Cygwin (I presume) runs as the user "administrator".
> So any security measures that apply to him are open.
> Although when trying to go to a protected directory I
> get a permissions denied as expected. I have done
> several experiments to find out what it has been
> doing...
>
> So I can delete files that are in the home directory
> just fine. I can also go to the "c" drive by "cd C:".
> I had created several files and a folder at
> C:/test_folder/ and inside it had (test1 through 4
> .txt). Then manually set the folder to ONLY be used by
> "administrator" with full access. I can't cd into the
> directory , but I can delete files with "rm -rf".
> Although using just plain rm does not work. With rm
> -rf, I get the "permission denied" error, but it still
> deletes the file.
>
> Also, interestingly, I also made a directory that was
> C:/test2. I had it so it was only administrator once
> again, but gave admin only read access. So I can't
> delete it with rm -rf.
>
> When I try to delete/modify a file on a network
> server, it gets the access denied. This is probably
> obvious for it has to have a user authenticated.
>
> This is a BIG security hole and suggest it be fixed
> ASAP. Although it's not that big of a deal (only local
> file systems), and we can just reimage the machines.
> This could be a big problem for someone else. Also
> especially since management might want to push some
> more, and have NO linux machines (would take a lot
> more pushing to get there) and have all files local.
> Then everyone's hard work coding can get toasted in
> one quick sweep.
>
> Let me know what can be done about it, how this works,
> etc. I don't know c++ (I can probably read it and
> find out what's going on) but can't really "code"
> (that's why I'm in the class) but I'll help out with
> what I can.
>
> thanks
> Ian
>
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
>
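One way to check for the condition described in the reply above, as an added example that is not part of the original thread: Full Control on a directory includes the "Delete Subfolders and Files" right, so this PowerShell function walks up from a path and reports ancestor directories where a broad group holds it. The function name `Find-BroadDeleteGrant`, the choice of principals to flag, and the sample path in the last line are assumptions made for illustration.

```powershell
# Added example, not from the thread. Find-BroadDeleteGrant is a hypothetical name.
# For every ancestor directory of $Path, list Allow ACEs that give a broad group
# the right to delete children (part of Full Control), as described for C:\.
function Find-BroadDeleteGrant {
    param([Parameter(Mandatory)] [string] $Path)

    # Well-known SIDs, used instead of names so localized systems match too.
    # Assumption: these three principals are the ones worth flagging.
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    $deleteChild = [int][System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    $item = Get-Item -LiteralPath $Path -Force
    # Start at the directory that contains the item: that ACL governs its deletion.
    $dir = if ($item.PSIsContainer) { $item.Parent } else { $item.Directory }

    while ($dir) {
        foreach ($ace in (Get-Acl -LiteralPath $dir.FullName).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only ACEs apply to children, not to this directory itself.
            if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            if (([int]$ace.FileSystemRights -band $deleteChild) -eq 0) { continue }
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # account cannot be resolved: skip it
            if ($broad.ContainsKey($sid)) {
                [pscustomobject]@{
                    Directory = $dir.FullName
                    Principal = $broad[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
        $dir = $dir.Parent
    }
}

# Constructed usage: the test folder named in the original report.
Find-BroadDeleteGrant -Path 'C:\test_folder' | Format-Table -AutoSize
```

Any row returned for `C:\` means members of that group can remove entries directly under the drive root regardless of the ACL set on the entry itself; tightening the ACL on the parent is the fix.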