| www.delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-SWARE-Spam-Status: | No, hits=-6.9 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,T_RP_MATCHES_RCVD |
| X-Spam-Check-By: | sourceware.org |
| Message-ID: | <4F50B62E.5090201@redhat.com> |
| Date: | Fri, 02 Mar 2012 04:59:42 -0700 |
| From: | Eric Blake <eblake AT redhat DOT com> |
| User-Agent: | Mozilla/5.0 (X11; Linux x86_64; rv:10.0.1) Gecko/20120216 Thunderbird/10.0.1 |
| MIME-Version: | 1.0 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: base-files: New files to fix permission issues (was Re: 1.7.10/1.7.11: .Net programs started from a cygwin console may fail.) |
| References: | <70952A932255A2489522275A628B97C3129F49F7 AT xmb-sjc-233 DOT amer DOT cisco DOT com> <20120301100820 DOT GC2257 AT calimero DOT vinschen DOT de> <20120302104605 DOT GF14404 AT calimero DOT vinschen DOT de> |
| In-Reply-To: | <20120302104605.GF14404@calimero.vinschen.de> |
| OpenPGP: | url=http://people.redhat.com/eblake/eblake.gpg |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
--------------enig11AECBBC55786C2A13D6432B
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 03/02/2012 03:46 AM, Corinna Vinschen wrote:
> On Mar 1 11:08, Corinna Vinschen wrote:
>> # Fix a problem introduced by older versions of setup.exe
>> [...]
>=20
> David, ping? Can we add the below two files to base-files asap and
> remove the tmp/temp workaround, please?
>=20
> /etc/profile.d/1777fix.csh:
>=20
> #!/bin/tcsh
> # Fix a problem introduced by older versions of setup.exe
> # Read comments in /etc/profile.d/1777fix.sh for more information.
> set GUARDFILE =3D "/etc/.1777fix"
> if ( ! -f "${GUARDFILE}" ) then
> /bin/bash /etc/profile.d/1777fix.sh
> endif
>=20
> /etc/profile.d/1777fix.sh:
>=20
> #!/bin/bash
As long as we're requiring bash,...
> # Fix a problem introduced by older versions of setup.exe
> # Directories with 1777 permissions were erroneously created
> # with 777 inheritable default permissions. This is a security
> # problem for non-Cygwin apps using these folders. This is
> # especially tragic in case of /tmp.
> GUARDFILE=3D"/etc/.1777fix"
> DIRLIST=3D"/home /tmp /usr/tmp /var/log /var/run"
> if [ ! -f "${GUARDFILE}" ]
> then
> cnt=3D0
> success=3D0
> for file in ${DIRLIST}
> do
> # We test if the default group or other permissions are rwx.
> # If so, it's dangerous and highly likely that these are still
> # the permissions set by setup.exe
> if getfacl "${file}" | grep -Eq 'default:(group:|other):rwx'
Is it worth converting this to case/esac for one fewer child process?
> then
> cnt=3D$(expr $cnt + 1)
...this should be written cnt=3D$((cnt + 1))
> setfacl -m d:g::r-x,d:o:r-x "${file}" 2>/dev/null \
> && success=3D$(expr $success + 1)
and this as success=3D$((success + 1))
> fi
> done
> # If no file needed treatment, or if all setfacl calls succeeded,
> # create the
Incomplete comment.
> [ $cnt -eq $success ] && touch "${GUARDFILE}"
> fi
>=20
>=20
> Thanks,
> Corinna
>=20
--=20
Eric Blake eblake AT redhat DOT com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
--------------enig11AECBBC55786C2A13D6432B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBCAAGBQJPULYuAAoJEKeha0olJ0NqrzQH/1h7WaVfR0im0FuOTrkbV6A+
TUSL5tA7d8esWfpDvwzd/fmpRwDNahwWF2P5b5ukKsHS8t7w4cLmlwQrohi7bFgM
/PxewLDxozou5FxXkNNQGkMqfgrCrlDmtemhqLuRkBPJm2p5GdwYmXLnyhOH/UkH
6xTxLiPUiBNvE/mElgFjL5uOGpIU2Bu1Z6M8QgCkAkucEr9iO44gfcpOUL5SKzFz
2k2EX0KvPzJj1xx3ysJ9vwted728tcsBuFwSsysW9qzSlGN3X6P5v0cX3gP6anTN
n9MlnxsTOspoZlEphpxjVk7FrhnwQgctD1uRDRrFfmxkKckWtp/YAjWgEg3JbwQ=
=+QNl
-----END PGP SIGNATURE-----
--------------enig11AECBBC55786C2A13D6432B--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |