Recent security improvements breaks proftpd

Jason Tishler
Fri Sep 19 18:28:00 GMT 2003


On Thu, Sep 18, 2003 at 07:34:14PM -0400, Pierre A. Humblet wrote:
> When you (being in Administrators, but with gid 10513) sign in
> through proftp, your supplementary groups (including Admins) are 
> stripped by setgroups(0, NULL). Consequently you loose access to
> your own mount table.

Bingo!  I just changed my (primary) gid to 544 and I can ftp now.

> So the root cause is old and not related to recent changes. 
> sec_none is used a lot in Cygwin. It should either be redefined 
> to include the user, or the default DACL in the process access
> token should be set to something sensible when starting Cygwin.
> I will come up with a long term solution.

Let me know if you need some help with testing.


PGP/GPG Key: or key servers
Fingerprint: 7A73 1405 7F2B E669 C19D  8784 1AFD E4CC ECF4 8EF6

More information about the Cygwin-developers mailing list