Download Cygwin User's Guide

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
page
63
page
64
page
65
page
66
page
67
page
68
page
69
page
70
page
71
page
72
page
73
page
74
page
75
page
76
page
77
page
78
page
79
page
80
page
81
page
82
page
83
page
84
page
85
page
86
Transcript 
Chapter 1. Cygwin Overview
Other differences between NT and 9x are much more fundamental in nature. The best
example is that only NT provides a security model.
1.6.3. Permissions and Security
Windows NT includes a sophisticated security model based on Access Control Lists
(ACLs). Cygwin maps Win32 file ownership and permissions to the more standard,
older UNIX model by default. Cygwin version 1.1 introduces support for ACLs
according to the system calls used on newer versions of Solaris. This ability is used
when the ‘ntsec’ feature is switched on which is described in another chapter. The
chmod call maps UNIX-style permissions back to the Win32 equivalents. Because
many programs expect to be able to find the /etc/passwd and /etc/group files, we
provide utilities that can be used to construct them from the user and group information
provided by the operating system.
Under Windows NT, the administrator is permitted to chown files. There is no
mechanism to support the setuid concept or API call since Cygwin version 1.1.2. With
version 1.1.3 Cygwin introduces a mechanism for setting real and effective UIDs under
Windows NT/W2K. This is described in the ntsec section.
Under Windows 9x, the situation is considerably different. Since a security model is
not provided, Cygwin fakes file ownership by making all files look like they are owned
by a default user and group id. As under NT, file permissions can still be determined by
examining their read/write/execute status. Rather than return an unimplemented error,
under Windows 9x, the chown call succeeds immediately without actually performing
any action whatsoever. This is appropriate since essentially all users jointly own the
files when no concept of file ownership exists.
It is important that we discuss the implications of our "kernel" using shared memory
areas to store information about Cygwin processes. Because these areas are not yet
protected in any way, in principle a malicious user could modify them to cause
unexpected behavior in Cygwin processes. While this is not a new problem under
Windows 9x (because of the lack of operating system security), it does constitute a
security hole under Windows NT. This is because one user could affect the Cygwin
programs run by another user by changing the shared memory information in ways that
they could not in a more typical WinNT program. For this reason, it is not appropriate
to use Cygwin in high-security applications. In practice, this will not be a major
problem for most uses of the library.
4
Related documents
Cygwin User`s Guide
Cygwin User`s Guide
Cygwin User's Guide
Cygwin User's Guide
Cygwin User's Guide
Cygwin User's Guide
Evolution II Duo ハードウェアインストールガイド
Evolution II Duo ハードウェアインストールガイド
redhat_gnupro_embedd..
redhat_gnupro_embedd..
C-Tutorial
C-Tutorial
Programming with lcc
Programming with lcc
Programming with lcc-win32
Programming with lcc-win32
Programming with lcc-win
Programming with lcc-win