[patch/cygwin]: Remove setting extra permissions on system directories

Hi,

please consider the below patch for OpenSSH 6.7.  A fix in POSIX ACL
handling in Cygwin turned up this rather old code in the ssh-host-config
script.  It opens the permissions for some directories, especially
/var/empty, for the "system" user for no good reason.

This results in sshd refusing to start because the permissions on
/var/empty are too open.

The below patch fixes that by dropping the code adding an ACL entry
for the "system" user.


Thanks,
Corinna


Index: contrib/cygwin/ssh-host-config
===================================================================
RCS file: /cvs/openssh/contrib/cygwin/ssh-host-config,v
retrieving revision 1.35
diff -u -p -r1.35 ssh-host-config
--- contrib/cygwin/ssh-host-config	27 May 2014 04:31:59 -0000	1.35
+++ contrib/cygwin/ssh-host-config	29 Aug 2014 21:24:02 -0000
@@ -37,7 +37,6 @@ declare -a csih_required_commands=(
   /usr/bin/mkpasswd cygwin
   /usr/bin/mount cygwin
   /usr/bin/ps cygwin
-  /usr/bin/setfacl cygwin
   /usr/bin/umount cygwin
   /usr/bin/cmp diffutils
   /usr/bin/grep grep
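Review bot: Dropping /usr/bin/setfacl from csih_required_commands is only safe if no call to it remains anywhere in ssh-host-config. The later hunks remove three calls (for ${SYSCONFDIR}, ${LOCALSTATEDIR}/log and ${LOCALSTATEDIR}/empty). Please confirm with a grep over the full script that these were the only ones, since a leftover call would now run without the up-front dependency check.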
@@ -658,11 +657,6 @@ then
   csih_warning "Can't set permissions on ${SYSCONFDIR}!"
   let ++warning_cnt
 fi
-if ! /usr/bin/setfacl -m u:system:rwx "${SYSCONFDIR}" >/dev/null 2>&1
-then
-  csih_warning "Can't set extended permissions on ${SYSCONFDIR}!"
-  let ++warning_cnt
-fi
 
 # Check for /var/log directory
 csih_make_dir "${LOCALSTATEDIR}/log" "Cannot create log directory."
@@ -671,11 +665,6 @@ then
   csih_warning "Can't set permissions on ${LOCALSTATEDIR}/log!"
   let ++warning_cnt
 fi
-if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/log" >/dev/null 2>&1
-then
-  csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/log!"
-  let ++warning_cnt
-fi
 
 # Create /var/log/lastlog if not already exists
 if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
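Review bot: With the u:system:rwx entry on ${LOCALSTATEDIR}/log gone, write access to this directory rests only on the owner and mode set by the preceding chmod, which is outside the visible context. The lastlog handling in the trailing context lines works inside this directory, so the commit message should say which account the sshd service runs under and that it can still write there with mode bits alone.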
@@ -699,11 +688,6 @@ csih_make_dir "${LOCALSTATEDIR}/empty" "
 if ! /usr/bin/chmod 755 "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
 then
   csih_warning "Can't set permissions on ${LOCALSTATEDIR}/empty!"
-  let ++warning_cnt
-fi
-if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
-then
-  csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/empty!"
   let ++warning_cnt
 fi
 
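Review bot: An existing u:system:rwx entry on ${LOCALSTATEDIR}/empty from an earlier run of ssh-host-config is not removed by this hunk, which only stops adding it. If the chmod 755 kept in the context lines does not clear that entry, hosts set up with the old script will still have /var/empty too open after rerunning the script, and sshd will still refuse to start. Consider removing the stale entry explicitly (which would mean keeping setfacl in csih_required_commands) or documenting the manual cleanup for existing installations.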

-- 
Corinna Vinschen
Cygwin Maintainer
Red Hat

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
