This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: 1.7.10/1.7.11: .Net programs started from a cygwin console may fail.

On Feb 28 21:39, David Sastre Medina wrote:
> On Tue, Feb 28, 2012 at 03:17:54PM +0100, Corinna Vinschen wrote:
> > On Feb 28 08:51, Jon Clugston wrote:
> > > Just a guess, but it does look suspiciously like the name of an
> > > environment variable.  Wasn't there some discussion lately about
> > > differing case environment variables ("tmp" as opposed to "TMP")?
> > 
> > Dead on, thanks!  The definitions of tmp and temp in /etc/profile result
> > in a double definition of the %TMP% and %TEMP% dos variables from the
> > .Net applications POV and it's too dumb to handle that gracefully.
> > 
> > So the solution is, either we drop the tmp and temp definitions in
> > /etc/profile, or old .net apps should be started only after calling
> > `unset tmp temp' in bash.
> > 
> > Btw., tmp and temp are not preserved this way in tcsh's profile scripts.
> > So I'm wondering why we do it in /etc/profile.  Can somebody give me a
> > management summary?
> A while back (about the 3.x -> 4.x changes in base-files), it was
> agreed to unset both TMP and TEMP and set them to /tmp.
> A user concerned about the security of files owned by windows native 
> applications started within cygwin, reported that those files were
> created with 777 perms under /tmp, making it trivial for other users to
> read/copy temps files easily.

There's something wrong with this picture.

The default permissions of /tmp are 1777 from the POSIX point of view.
The created files have default permissions which depend on the umask.
For native Win32 application, the default permissions depend on the
setting of the inheritable default permissions.  And these are set so
that the files have default perms of 0755: 

  $ getfacl /tmp
  # file: /tmp
  # owner: somebody
  # group: Administrators

This should be entirely sufficent.

[...time passes...]

Oh.  I think I see why this happens.  The inheritable default permissions
are NOT set as above, but rather they are set like this:

  # file: /tmp
  # owner: somebody
  # group: Administrators

The culprit is setup.exe apparently.  If it sets 1777 permissions, it
uses the same permissions for the inheritable default permissions.  It
should remove the write bits before creating the inheritable default
permissions.  In Cygwin this is controlled by the umask, but setup
doesn't know about a umask.

So, the correct solution is to change setup.exe to create less dangerous
default permissions for the Win32 apps in case of 1777 dirs.  That makes
the tmp/temp stuff in etc/profile unnecessary.

The *big* problem are the already existing /tmp dirs with bad permissions
throughout the Cygwin users.

David, instead of setting tmp/temp, What about adding the following line
to /etc/profile?

  setfacl -m d:g::r-x,d:o:r-x /home /tmp /usr/tmp /var/log /var/run /var/tmp 2>/dev/null

That sets the list of directories created with 1777 permissions by
setup.exe itself to more sane permissions.  Maybe it could be combined
with a marker file, along these lines:

  if [ ! -f /etc/.177fix ]
    setfacl -m d:g::r-x,d:o:r-x /home /tmp /usr/tmp /var/log /var/run /var/tmp 2> /dev/null && touch /etc/.177fix

In the meantime I'll fix setup to create less dangerous default
permissions in the 1777 case.  Sigh, if I only had observed the issue
more closely when it cropped up the first time :(


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]