X-Recipient: archive-cygwin@delorie.com
X-Original-To: cygwin@cygwin.com
Delivered-To: cygwin@cygwin.com
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org B7A053858D28
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none)
 header.from=SystematicSw.ab.ca
Authentication-Results: sourceware.org;
 spf=none smtp.mailfrom=systematicsw.ab.ca
X-Authority-Analysis: v=2.4 cv=Ov8sdwzt c=1 sm=1 tr=0 ts=616c5ba3
 a=T+ovY1NZ+FAi/xYICV7Bgg==:117 a=T+ovY1NZ+FAi/xYICV7Bgg==:17
 a=IkcTkHD0fZMA:10 a=NvJIefd1AAAA:8 a=yMhMjlubAAAA:8 a=uYT-Tk0qkVT609LjNaIA:9
 a=QEXdDO2ut3YA:10 a=ogbyGQH7ugUA:10 a=zGUkOKmOs2wA:10
 a=Z11pERy037KCMjAKJWwP:22
To: cygwin@cygwin.com
From: Brian Inglis <Brian.Inglis@SystematicSw.ab.ca>
Organization: Systematic Software
Subject: Windows October Update Patch Could Affect Symlinks
Message-ID: <f0b67f08-611f-d198-258a-4deb28f86ac5@SystematicSw.ab.ca>
Date: Sun, 17 Oct 2021 11:21:39 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.14.0
MIME-Version: 1.0
Content-Language: en-CA
X-CMAE-Envelope: MS4xfBt+afXLDn4gCX8eC9InPWzA/I5molwxI4HA/XVoD4m+gzcdgBXvau+Nf0Yq3Pz3dqEceUH7yUyzobBnia80p55fC3sVOuPqVKcPauJVcU57QYW7HSQS
 4KdFKXCDFIsG7VIKYLhkicKQzfJgW0MecJQ+X2DEF7FcrZnLsD3j36OgFrsKjm4HWHgNhQ2oRLBWpYRgVQTl6FBmLHFlqmcOdnQ=
X-Spam-Status: No, score=-1159.3 required=5.0 tests=BAYES_00,
 INDUSTRIAL_SUBJECT, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY,
 RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3,
 RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE,
 TXREP autolearn=no autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.29
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
Reply-To: cygwin@cygwin.com
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie.com@cygwin.com>

While checking Windows October update patches found a vague reference to 
a new Windows update patch affecting symlinks in the article:

https://www.computerworld.com/article/3637013/four-zero-day-exploits-add-urgency-to-octobers-patch-tuesday.html

"On the topic of lesser-used Windows features, the Microsoft NTFS file 
system was updated to include a fix for symbolic links (helpful with 
UNIX migrations). If you are in the middle of a large UNIX migration, 
you may want to pause things a little and test out some large (and 
parallel) file transfers before deploying this update."

Could not find anything definite about this patch or its effects or 
whether it will create any issues. So this is just a heads up about 
potential issues implied by the article. If anyone can find the actual 
patch and any docs documenting potential changes or issues that may help.

The article's links to overview and generic articles on NTFS and 
symlinks did not help:

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/create-symbolic-links#security-considerations

pointing to existing:

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil-behavior

On my system, that shows:

Elevated > fsutil behavior set symlinkevaluation /? | grep -E "sym|link"
...
symlinkEvaluation	{L2L|L2R|R2R|R2L}:{0|1} [...]
...
Sample SymlinkEvaluation command:
	"fsutil behavior set symlinkEvaluation L2L:1 L2R:0"
	- Will enable local to local symbolic links and disable local to
	remote symbolic links. It will not change the state of remote to
	remote links or remote to local links.
	- This operation takes effect immediately (no reboot required)
...
Elevated > fsutil behavior query symlinkevaluation
Local to local symbolic links are enabled.
Local to remote symbolic links are enabled.
Remote to local symbolic links are disabled.
Remote to remote symbolic links are disabled.
...

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple