This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: [Proposal] Moving user mount information to HKLM


>FWIW the HKLM user mounts would have the same security
>ramification (which is why it's not a generically viable solution).

True, but one could fine-tune access rights to "HKLM/Software/Cygwin" such

1) All users have "Create subkey" permission in "HKLM/...../Cygwin/Users".
2) All user specific information goes under a "Cygwin/Users/{SID}" subkey.
In addition to the default rights for local admin etc,  full access must be
granted to {SID}.

This would ensure that whoever is authorized to login would be able to
execute mount commands. Note that all keys down to "Users" need to be opened
for READ access only, otherwise RegOpenKey will fail with permission denied.

On another note, how about adding a flag to "mount" telling it that the
mount is NOT to be persisted, in a similar fashion to the "net use
/persistent:no"  command ? This would bypass the need to write to the
registry and unmount on exit.

Thanks again,

PS. For the archives:


The mount -u command fails if a domain user's registry hive is not
downloaded from the domain controller and no local hive cache exists.

Current workaround:

Our best workaround is to give all potential users FullControl permissions
to the "HKLM/Software" key, and mount everything as a system mount. The
security risks are that any user can modify/change/delete all registry
information under HKLM/Software.
There's a limit of about 25 mounts that can be created this way before
hitting a built-in limit of maximum 30 mount points per system+user.

Restricting write access to the "HKLM.../cygwin/mounts v2" subkey will still
result in a "Permission denied", since cygwin 1.3.12-2 tries to open all
HKLM keys (down to "HKLM/Software..../mounts v2") with write access.

Unsubscribe info:
Bug reporting:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]