Re: The eternal uid issue

2014-07-31 Thread D. Boland
Corinna Vinschen wrote: > > On Jul 29 15:36, D. Boland wrote: > > Corinna Vinschen wrote: > > > The permissions of the home folder are set to 01777 by default (S_ISVTX > > > bit!). Since we can't rely on central administration for Cygwin, this > > > allows a user to create her own homedir automat

Re: The eternal uid issue

2014-07-30 Thread Corinna Vinschen
On Jul 29 15:36, D. Boland wrote: > Corinna Vinschen wrote: > > The permissions of the home folder are set to 01777 by default (S_ISVTX > > bit!). Since we can't rely on central administration for Cygwin, this > > allows a user to create her own homedir automatically at first start of > > a Cygwin

Re: The eternal uid issue

2014-07-29 Thread D. Boland
Corinna Vinschen wrote: > The permissions of the home folder are set to 01777 by default (S_ISVTX > bit!). Since we can't rely on central administration for Cygwin, this > allows a user to create her own homedir automatically at first start of > a Cygwin shell. > > You might consider to disable t

Re: The eternal uid issue

2014-07-28 Thread Corinna Vinschen
On Jul 28 13:53, Corinna Vinschen wrote: > On Jul 28 13:42, D. Boland wrote: > > Thanks again for your help. I will announce the Sendmail release soon. > > Thanks, but you need to send an ITA to cygwin-apps first. s/ITA/ITP/ Sorry, Corinna -- Corinna Vinschen Please, send mai

Re: The eternal uid issue

2014-07-28 Thread Corinna Vinschen
On Jul 28 13:42, D. Boland wrote: > Hi Corinna, > > Corinna Vinschen wrote: > > > > Still, are you using setuid method 1 or another method? Is your home > > dir the default /home/$USER as created from inside the Cygwin > > environment? Any chance your home dir has an unusual ACL? > > > > Did y

Re: The eternal uid issue

2014-07-28 Thread D. Boland
Hi Corinna, Corinna Vinschen wrote: > > Still, are you using setuid method 1 or another method? Is your home > dir the default /home/$USER as created from inside the Cygwin > environment? Any chance your home dir has an unusual ACL? > > Did you set up sshd as service? If not, you might consid

Re: The eternal uid issue

2014-07-28 Thread Corinna Vinschen
On Jul 28 10:07, D. Boland wrote: > Corinna Vinschen wrote: > > On Jul 24 23:42, D. Boland wrote: > > > [...] > > > If I have Sendmail running in preferred mode (main program as > > > cyg_server, children running as 'smmsp', removed from admin group), > > > stat returns the wrong mode (rwxrwxrwx).

Re: The eternal uid issue

2014-07-25 Thread D. Boland
Corinna Vinschen wrote: > Oh, hang on. Is this using the default setuid method 1 and is your > home dir on a remote share, by any chance? No. All file locations are local (C:\). I'll send you the output later on.

Re: The eternal uid issue

2014-07-25 Thread Corinna Vinschen
On Jul 25 14:42, Corinna Vinschen wrote: > On Jul 24 23:42, D. Boland wrote: > > [...] > > Sendmail checks if the user's home directories are group- or world > > writable. It does this with 'stat'. If Sendmail is running in 'crude' > > mode (main program and children running as the Sendmail 'smmsp'

Re: The eternal uid issue

2014-07-25 Thread Corinna Vinschen
On Jul 24 23:42, D. Boland wrote: > [...] > Sendmail checks if the user's home directories are group- or world > writable. It does this with 'stat'. If Sendmail is running in 'crude' > mode (main program and children running as the Sendmail 'smmsp' user, > made admin), stat returns the right file m

Re: The eternal uid issue

2014-07-24 Thread Jeffrey Altman
On 7/24/2014 5:42 PM, D. Boland wrote: > Hi Corinna, > > Corinna Vinschen wrote: >> But be careful. Just because there are multiple users with admin >> permissions, that doesn't mean they all want their mail in the same >> mailbox for user 0... Things are actually worse than Corinna and others h

Re: The eternal uid issue

2014-07-24 Thread D. Boland
Hi Corinna, Corinna Vinschen wrote: > > But this only introduces a new function which she has to put into multiple > > locations > > of the original code. So again, why not just modify the 'getuid' function in > > cygwin1.dll to return '0' if the current user is actually SYSTEM or one of > > the

Re: The eternal uid issue

2014-07-24 Thread Corinna Vinschen
On Jul 24 08:52, D. Boland wrote: > In your previous mail, you propose the following function to check for 'root' > privileges, which an upstream maintainer could put in his code: > > int > is_admin (uid_t uid) > { > #ifdef __CYGWIN__ > return [getgrouplist(uid, ...) contains group 544]; > #else

Re: The eternal uid issue

2014-07-24 Thread Andrey Repin
Greetings, D. Boland! > What I meant was that MS decided to take away impersonation privileges from > the > SYSTEM user, without educating admins/developers about the new model or > alternatives > for SYSTEM. There's no "model", there's "rights" or "capabilities", or "privileges". > I searched

Re: The eternal uid issue

2014-07-24 Thread D. Boland
Hi Christopher, Thanks for your reply. Christopher Faylor wrote: > > On Wed, Jul 23, 2014 at 08:08:07PM +0400, Andrey Repin wrote: > >Greetings, D. Boland! > >> Cygwin security will be done for in the long run. Why not make the leap and > >> show MS admins/developers how it should be done? > > >

Re: The eternal uid issue

2014-07-23 Thread D. Boland
Hi Corinna, Thanks for the reply. Corinna Vinschen wrote: > > On Jul 23 13:35, D. Boland wrote: > > Corinna Vinschen wrote: > > > Not in relation to the uid. In contrast to Linux we don't have the one > > > single root user. We have potentially endless numbers of them, and one > > > of them, n

Re: The eternal uid issue

2014-07-23 Thread Christopher Faylor
On Wed, Jul 23, 2014 at 08:08:07PM +0400, Andrey Repin wrote: >Greetings, D. Boland! >> Cygwin security will be done for in the long run. Why not make the leap and >> show MS admins/developers how it should be done? > >You really think they are all idiots?... Like, really? Sure, why not. MS admin

Re: The eternal uid issue

2014-07-23 Thread Andrey Repin
Greetings, D. Boland! > Hi Corinna, > Corinna Vinschen wrote: >> >> > Isn't it about time to make this our First Directive also? >> >> Not in relation to the uid. In contrast to Linux we don't have the one >> single root user. We have potentially endless numbers of them, and one >> of them, n

Re: The eternal uid issue

2014-07-23 Thread Corinna Vinschen
On Jul 23 13:35, D. Boland wrote: > Corinna Vinschen wrote: > > Not in relation to the uid. In contrast to Linux we don't have the one > > single root user. We have potentially endless numbers of them, and one > > of them, not necessarily SYSTEM, is used to run the service. Keep in > > mind that

Re: The eternal uid issue

2014-07-23 Thread Larry Hall (Cygwin)
On 07/23/2014 07:35 AM, D. Boland wrote: It actually is my solution to running Sendmail: create the Sendmail user, called 'smmsp' and make it an Administrator, so it can impersonate users on my system. But I don't like my solution, because this would mean I have to create an admin-user for an

Re: The eternal uid issue

2014-07-23 Thread D. Boland
Hi Corinna, Corinna Vinschen wrote: > > > Isn't it about time to make this our First Directive also? > > Not in relation to the uid. In contrast to Linux we don't have the one > single root user. We have potentially endless numbers of them, and one > of them, not necessarily SYSTEM, is used to

Re: The eternal uid issue

2014-07-23 Thread Corinna Vinschen
On Jul 23 10:06, D. Boland wrote: > Hi Cygwin lovers, > > After some weeks of serious compiling, researching, understanding, fixing, > testing > and compiling again, I managed to get the Sendmail source code compiled and > working. > > But I had to compromise in some critical areas. One of them

Re: The eternal uid issue

2014-07-23 Thread D. Boland
Linda Walsh wrote: > > D. Boland wrote: > > But I had to compromise in some critical areas. One of them is the uid > > issue. > > > > * sendmail, procmail, mail.local assume that the id of the privileged user > > is '0'. > > > > Isn't it about time to make this our First Directive also? > > > >

Re: The eternal uid issue

2014-07-23 Thread Linda Walsh
D. Boland wrote: But I had to compromise in some critical areas. One of them is the uid issue. * sendmail, procmail, mail.local assume that the id of the privileged user is '0'. Isn't it about time to make this our First Directive also? I thought sendmail used capabilities? Isn't it abou

The eternal uid issue

2014-07-23 Thread D. Boland
Hi Cygwin lovers, After some weeks of serious compiling, researching, understanding, fixing, testing and compiling again, I managed to get the Sendmail source code compiled and working. But I had to compromise in some critical areas. One of them is the uid issue. * sendmail, procmail, mail.loc