This is the mail archive of the cygwin-developers mailing list for the Cygwin project.



Re: /home security problem


On 4 September 2010 11:07, Corinna Vinschen wrote:
> On Sep  4 10:32, Andy Koppe wrote:
>> On 4 September 2010 09:35, Andy Koppe wrote:
>> >> On second thoughts, the 'rename bogus home dir aside' bit won't work
>> >> for ordinary users, because they don't have the right to do so. So
>> >> perhaps have the 'SOMEONE ELSE OWNS YOUR HOME!' warning only?
>> >
>> > Hmm, no, that's not good enough either. I've got my Cygwin home set to
>> > my Windows home directory (C:\Users\Andy), and that's actually owned
>> > by the SYSTEM account.
>>
>> How about something like this (the elif refers to 'if [ ! -d "${HOME}" ]'):
>>
>> --- profile.orig    Â2010-09-04 10:01:27.885800000 +0100
>> +++ profile   2010-09-04 10:21:28.328200000 +0100
>> @@ -72,6 +72,8 @@
>>
>> Â Â Â Â Â Â Â Â echo "Setting HOME to ${HOME}."
>> Â Â Â Â fi
>> +elif [ ! -O "$HOME" -a Â`/usr/bin/dirname "$HOME"` = /home ]; then
>> + Â Â Â Âecho "WARNING: Your home directory at $HOME is owned by someone else!"
>> Âfi
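Review bot: On the added elif line the backtick substitution around /usr/bin/dirname "$HOME" is unquoted, so a HOME whose parent path contains whitespace expands to several words, test aborts with "too many arguments", and the ownership warning is silently skipped; wrap the whole substitution in double quotes. The substitution is also expanded before test sees any operand, so dirname runs every time this elif is reached, whatever -O returns; two tests joined with && or a parameter expansion would avoid that. The warning itself goes to stdout; redirecting the echo with >&2 keeps it out of any captured output from a login shell.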
>>
>> Unfortunately that does incur a fork when the SYSTEM-owned Windows
>> user directory is used as the Cygwin home, but not for the default
>> case where the Cygwin home is in /home.
>
> You could do that without fork:
>
>  elif [ ! -O "$HOME" -a "${HOME#/home/}" != "${HOME}" ]

Nice. (Also, I hadn't considered that process substitution is done
before arguments are passed to test.)

Andy
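
The fork-free prefix test in the reply above matches any path below /home/, while the dirname comparison in the patch matched only direct children of /home. As an added example (not part of the thread or of Cygwin's /etc/profile; the function names are hypothetical), both checks written with parameter expansion alone:

```shell
# Added example; under_home, direct_child_of_home and check_home_owner
# are hypothetical names, not functions from Cygwin's /etc/profile.

# True if $1 lies anywhere below /home/ (the fork-free test from the thread).
under_home() {
    [ "${1#/home/}" != "$1" ]
}

# True only if $1 is a direct child of /home, which is what comparing
# dirname "$1" with /home checked, but without running dirname.
direct_child_of_home() {
    set -- "${1%/}"                  # drop one trailing slash; function-local
    case ${1#/home/} in
        "$1"|""|*/*) return 1 ;;     # no /home/ prefix, empty name, or deeper path
        *)           return 0 ;;
    esac
}

# Warn on stderr and return 1 when the directory sits directly in /home
# and is not owned by the effective user ID of the shell.
check_home_owner() {
    if [ -d "$1" ] && [ ! -O "$1" ] && direct_child_of_home "$1"; then
        echo "WARNING: Your home directory at $1 is owned by someone else!" >&2
        return 1
    fi
    return 0
}

# How a profile script would call it; the result is ignored here so that
# sourcing this file never aborts a login shell.
check_home_owner "${HOME:-/}" || true
```

A home such as /cygdrive/c/Users/Andy fails both prefix checks, so the SYSTEM-owned Windows profile directory mentioned in the thread produces no warning.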

