This is the mail archive of the cygwin mailing list for the Cygwin project.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
On Fri, Mar 18, 2011 at 04:41:49PM +0000, Andy Koppe wrote:
> On 18 March 2011 16:23, David Sastre wrote:
> > On Fri, Mar 18, 2011 at 02:17:14PM +0000, Andy Koppe wrote:
> >> On 18 March 2011 13:46, David Sastre wrote:
> >> > All [[, have been changed to a portable [ test.
> >> > I've changed `test -a' for a portable `test -e', and the -a operator
> >> > in the user's home ownership test to a chained test:
> >> >
> >> > elif [ ! -O "${HOME}" ] && [ "${HOME#/home/}" != "${HOME}" ]; then ...
> >>
> >> Even though that home ownership test was partly my idea, I think it
> >> should simply be dropped, because it doesn't actually address the
> >> security issue it was supposed to address and the warning is likely to
> >> cause unnecessary alarm to users with unusual yet legitimate setups.
> >
> > IIRC, the point was that some apps expect $HOME to be owned by the
> > user in order to operate correctly.
>
> Originally at least it was supposed to address this:
>
> http://www.cygwin.com/ml/cygwin-developers/2010-09/msg00007.html
>
> The $HOME warning doesn't address this because for example a
> maliciously prepared /home/$USER/.bash_profile would still get
> sourced.
>
> I can't remember other reasons.
OK. I'll drop it then.
--
Huella de clave primaria: 0FDA C36F F110 54F4 D42B D0EB 617D 396C 448B 31EB
Attachment:
signature.asc
Description: Digital signature
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |