On 18 March 2011 16:23, David Sastre wrote:
> On Fri, Mar 18, 2011 at 02:17:14PM +0000, Andy Koppe wrote:
>> On 18 March 2011 13:46, David Sastre wrote:
>> > All [[, have been changed to a portable [ test.
>> > I've changed `test -a' for a portable `test -e', and the -a operator
>> > in the user's home ownership test to a chained test:
>> >
>> > elif [ ! -O "${HOME}" ] && [ "${HOME#/home/}" != "${HOME}" ]; then ...
>>
>> Even though that home ownership test was partly my idea, I think it
>> should simply be dropped, because it doesn't actually address the
>> security issue it was supposed to address and the warning is likely to
>> cause unnecessary alarm to users with unusual yet legitimate setups.
>
> IIRC, the point was that some apps expect $HOME to be owned by the
> user in order to operate correctly.Originally at least it was supposed to address this: http://www.cygwin.com/ml/cygwin-developers/2010-09/msg00007.html The $HOME warning doesn't address this because for example a maliciously prepared /home/$USER/.bash_profile would still get sourced. I can't remember other reasons. Andy -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
