cygwin (rm -rf) ignores windows2000 security

Robert Collins robert.collins@itdomain.com.au
Mon Sep 17 17:12:00 GMT 2001


My 2c is that the c:/ directory still has everyone:full. That will allow
anyuse with or without cygwin to delete all child directories. (deleting
a file requires write to the directory it is in, deleting a directory
requires write to the directory above.)

Rob

> -----Original Message-----
> From: Ian Sidle [ mailto:macmouse4@yahoo.com ]
> Sent: Tuesday, September 18, 2001 10:06 AM
> To: cygwin@cygwin.com
> Cc: macmouse4@yahoo.com
> Subject: cygwin (rm -rf) ignores windows2000 security
> 
> 
> Rather interesting...
> 
> I am helping setup a lab of windows 2000 machines, for
> programming. We previously were using linux/unix
> machines but the district is FORCING us to use windows
> 2000... although they don't have the equipment needed
> for the move.. So we are still using the linux servers
> via telnet.. ::deep sigh:: don't get me started...
> 
> Anyway, as a perhaps semi-evil solution would be to
> use cygwin. Specifically for gcc programming, and can
> use the jdk from sun with the built in stuff (and
> inside cygwin as well, for those who want vi,etc).
> Using cygwin would be MUCH more prefered (not to
> meantion cheaper, less training, work,etc) then using
> borlan...
> 
> So I've been setting up an image which we would then
> put on the machines. So on it I install java, win2k
> updates,etc. Then put cygwin on (as administrator). I
> had inevertanly stubled across the problem, when I had
> frogotten I wasn't administrator.
> 
> Cygwin (I presume) runs as the user "administrator".
> So any security measures that apply to him are open.
> Although when trying to go to a protected directory I
> get a permissions denied as expected. I have done
> several experaments to find out what it has been
> doing...
> 
> So I can delete files that are in the home directory
> just fine. I can also go to the "c" drive by "cd C:".
> I had created several files and a folder at
> C:/test_folder/ and inside it had (test1 through 4
> .txt). Then manually set the folder to ONLY be used by
> "administrator" with full access. I can't cd into the
> directory , but I can delete files with "rm -rf".
> Although using just plain rm does not work. With rm
> -rf, I get the "permission denied" error, but it still
> deletes the file.
> 
> Also, interestingly, I also made a directory that was
> C:/test2. I had it so it was only administrator once
> again, but gave admin only read access. So I can't
> delete it with rm -rf.
> 
> When I try to delete/modify a file on a network
> server, it gets the access denied. This is probably
> obvious for it has to have a user athenticated.
> 
> This is a BIG security hole and suggest it be fixed
> ASAP. Although its not that big of a deal (only local
> file systems), and we can just reimage the machines.
> This could be a big problem for someone else. Also
> especially sence management might want to push some
> more, and have NO linux machines (would take a lot
> more pushing to get there) and have all files local.
> Then everyone's hard work coding can get toasted in
> one quick sweep.
> 
> Let me know what can be done about it, how this works
> ,etc. I don't know c++ (I can probably read it and
> find out whats going on) but can't really "code"
> (thats why I'm in the class) but I'll help out with
> what I can. 
> 
> thanks
> Ian
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Get email alerts & NEW webcam video instant messaging with 
> Yahoo! Messenger
> http://im.yahoo.com
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 
> 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list