This is the mail archive of the cygwin-developers mailing list for the Cygwin project.
Re: /home security problem
On 4 September 2010 09:35, Andy Koppe wrote:
>> On second thoughts, the 'rename bogus home dir aside' bit won't work
>> for ordinary users, because they don't have the right to do so. So
>> perhaps have the 'SOMEONE ELSE OWNS YOUR HOME!' warning only?
>
> Hmm, no, that's not good enough either. I've got my Cygwin home set to
> my Windows home directory (C:\Users\Andy), and that's actually owned
> by the SYSTEM account.
How about something like this (the elif refers to 'if [ ! -d "${HOME}" ]'):
--- profile.orig 2010-09-04 10:01:27.885800000 +0100
+++ profile 2010-09-04 10:21:28.328200000 +0100
@@ -72,6 +72,8 @@
echo "Setting HOME to ${HOME}."
fi
+elif [ ! -O "$HOME" -a `/usr/bin/dirname "$HOME"` = /home ]; then
+ echo "WARNING: Your home directory at $HOME is owned by someone else!"
fi
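Review bot: The backquoted /usr/bin/dirname "$HOME" in the added elif line is unquoted and sits inside a single [ ... -a ... ] test, which causes two problems. The shell performs the command substitution before [ runs, so dirname is forked every time this elif is evaluated, whether or not the -O test would already have decided the result. And if the parent path contains whitespace, [ receives extra words and fails with a syntax error on each login. Suggest splitting the test and replacing the fork with a parameter expansion, for example: elif [ ! -O "$HOME" ] && [ "${HOME%/*}" = /home ]; then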
Unfortunately that does incur a fork when the SYSTEM-owned Windows
user directory is used as the Cygwin home, but not for the default
case where the Cygwin home is in /home.
Actually a warning isn't sufficient here though, because the attacker
could have set up startup scripts in the bogus home directory that
could do anything. So normal shell startup shouldn't continue, but
what could be done instead?
Andy