cygwin.cygwin.narkive.com
--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
Re: sshd_config AllowStreamLocalForwarding *remote not possible* / effectively privsep off
Hi,

I've just updated the subject line for accuracy. Only remote/reverse unix socket forwarding fails.

Further, I have a clarification that might have significance:

On 8/08/2023 3:40 am, Corinna Vinschen via Cygwin wrote:
> On Aug 7 22:11, Shaddy Baddah via Cygwin wrote:
..
>
>> DISABLE_FD_PASS is always set by autoconf for Cygwin. And my reading is
>> that not having that capability effectively means whatever the other
>> criteria, the executing process doesn't have sufficient "separation" of
>> privilege to be treated in the same manner.

Perhaps contrary to expectation, with the more conventional remote/reverse TCP port forwarding, with Cygwin sshd, the LISTEN port exists in the, is it called the monitor (http://www.citi.umich.edu/u/provos/ssh/priv.jpg)/intermediary sshd process.

So something like:

|>~C
|ssh> -R 12345:22

will result in a (confirmed by netstat) LISTEN port in the SYSTEM owned sshd process, which is the parent of the non-privileged owned sshd process.

I'm not suggesting that this is not a considered situation, because to my knowledge, it's a much different situation allowing an ssh user to manipulate the filesystem (for unix sockets), as SYSTEM. Than using netsocks as SYSTEM to try and bind TCP ports... I think???

But it certainly aligns with my newfound understanding of Cygwin's "trade-off" form of privilege separation.

--
Regards,
Shaddy
Re: sshd_config AllowStreamLocalForwarding perm off / effectively privsep off
Hi,

On 8/08/2023 3:40 am, Corinna Vinschen via Cygwin wrote:
> On Aug 7 22:11, Shaddy Baddah via Cygwin wrote:
..
> Yes, the parts of OpenSSH requiring descriptor passing are disabled in
> OpenSSH.
>
>> Otherwise, what's the solution?
>
> Solution for what? What is it you want to do?

Reverse unix socket forwarding. Like this:

|~aC
|ssh> -R /tmp/p2:/tmp/p1
|Forwarding port.
|debug1: Remote: Server has disabled streamlocal forwarding.

Despite configuration and documentation, this can never work on Cygwin. And I was looking to what an agreeable patch for OpenSSH might be.

But if I have read the situation right, by policy, there cannot be one for Cygwin.

I do have a workaround, but it's suboptimal.

--
Regards,
Shaddy
Re: Find free drive letter in Cygwin?
On Mon, Aug 7, 2023 at 8:43 PM Brian Inglis wrote:
>
> On 2023-08-07 10:52, Martin Wege via Cygwin wrote:
> > What is the official cygwin way to find a free drive letter, which can
> > be used in a script to mount a drive?
>
> Just use the Windows UNC network path directly on Cygwin with '/' not '\'.
>
> For Windows, it may still be NET USE * \\... but have not used it in decades!
>
> Cygwin should pick it up and automount it under /proc/cygdrive/?/ but see
> disclaimer above.

So it would be a valid solution in bash to loop from a-z in /proc/cygdrive/$letter/ and see whether this is a dir, right?

Thanks,
Martin
Re: mkfifo: cannot set permissions of 'x.fifo': Not a directory
On Mon, Aug 7, 2023 at 9:14 PM Corinna Vinschen wrote:
>
> On Aug 7 12:26, Brian Inglis via Cygwin wrote:
> > On 2023-08-07 08:42, Martin Wege via Cygwin wrote:
> > > We get a weird mkfifo failure in Cygwin on NTFS:
> > >
> > > /usr/bin/mkfifo -m 600 x.fifo
> > > mkfifo: cannot set permissions of 'x.fifo': Not a directory
> >
> > This error is also reproducible with default fifo permissions 666 or
> > anything else, and appears to be returned by gen_full_path_at() in
> > syscalls.cc when called with a fifo:
>
> This will be fixed in 3.4.8,

Thank you

> see
> https://cygwin.com/git/?p=newlib-cygwin.git;a=commit;h=b56b4d7fd85b

First, Can I download a beta of 3.4.8, or any other version with that fix? It's pretty urgent

Secondly, how are fifos, other device nodes and mknod implemented? You encode them as softlinks on ntfs? What about Windows native NFSv3 driver, do you use native mknod then to create a fifo? Where can I find the code in cygwin for that?

Thanks,
Martin
Re: mkfifo: cannot set permissions of 'x.fifo': Not a directory
On Aug 7 12:26, Brian Inglis via Cygwin wrote:
> On 2023-08-07 08:42, Martin Wege via Cygwin wrote:
> > We get a weird mkfifo failure in Cygwin on NTFS:
> >
> > /usr/bin/mkfifo -m 600 x.fifo
> > mkfifo: cannot set permissions of 'x.fifo': Not a directory
>
> This error is also reproducible with default fifo permissions 666 or
> anything else, and appears to be returned by gen_full_path_at() in
> syscalls.cc when called with a fifo:

This will be fixed in 3.4.8, see
https://cygwin.com/git/?p=newlib-cygwin.git;a=commit;h=b56b4d7fd85b

Corinna
Re: Find free drive letter in Cygwin?
On 2023-08-07 10:52, Martin Wege via Cygwin wrote:
> What is the official cygwin way to find a free drive letter, which can
> be used in a script to mount a drive?

Just use the Windows UNC network path directly on Cygwin with '/' not '\'.

For Windows, it may still be NET USE * \\... but have not used it in decades!

Cygwin should pick it up and automount it under /proc/cygdrive/?/ but see disclaimer above.

--
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                -- Antoine de Saint-Exupéry
Re: mkfifo: cannot set permissions of 'x.fifo': Not a directory
On 2023-08-07 08:42, Martin Wege via Cygwin wrote:
> We get a weird mkfifo failure in Cygwin on NTFS:
>
> /usr/bin/mkfifo -m 600 x.fifo
> mkfifo: cannot set permissions of 'x.fifo': Not a directory

This error is also reproducible with default fifo permissions 666 or anything else, and appears to be returned by gen_full_path_at() in syscalls.cc when called with a fifo: see attached strace extract - underlying Windows file is Windows shortcut x.fifo.lnk.

> Is there a known workaround? So far named fifos cannot be created somehow.

For now, create with default permissions then chmod:

$ mkfifo x.fifo && chmod 600 x.fifo
mode of 'x.fifo' changed from 0666 (rw-rw-rw-) to 0600 (rw-------)
$ ls -glo x.fifo{,.lnk}
prw------- 1 0 Aug  7 12:07 x.fifo
prw------- 1 0 Aug  7 12:07 x.fifo.lnk
$ readshortcut -af x.fifo
Target: /usr/src/
Working Directory: /usr/src/
Arguments:
Show Command: Normal
Icon Library: /usr/src/
Icon Library Offset: 0
Description: :\0:c4:1180

--
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                -- Antoine de Saint-Exupéry

open: open(x.fifo, 0x214)
normalize_posix_path: src x.fifo
cwdstuff::get: posix /usr/src
cwdstuff::get: (/usr/src) = cwdstuff::get (0x1250720, 32768, 1, 0), errno 0
normalize_posix_path: /usr/src/x.fifo = normalize_posix_path (x.fifo)
mount_info::conv_to_win32_path: conv_to_win32_path (/usr/src/x.fifo)
mount_info::conv_to_win32_path: src_path /usr/src/x.fifo, dst C:/.../cygwin64/usr/src/x.fifo, flags 0x30008, rc 0
symlink_info::check: 0xC034 = NtCreateFile (/??/C:/.../cygwin64/usr/src/x.fifo)
symlink_info::check: 0xC034 = NtQueryInformationFile (/??/C:/.../cygwin64/usr/src/x.fifo)
symlink_info::check: 0xC034 = NtCreateFile (/??/C:/.../cygwin64/usr/src/x.fifo.exe)
symlink_info::check: 0xC034 = NtQueryInformationFile (/??/C:/.../cygwin64/usr/src/x.fifo.exe)
symlink_info::check: 0x0 = NtCreateFile (/??/C:/.../cygwin64/usr/src/x.fifo.lnk)
symlink_info::check: is a device
symlink_info::check: 0 = symlink.check(C:/.../cygwin64/usr/src/x.fifo.lnk, 0x7B760) (mount_flags 0x30008, path_flags 0x14)
path_conv::check: this->path(C:/.../cygwin64/usr/src/x.fifo.lnk), has_acls(1)
build_fh_pc: fh 0x88DF0, dev 00C4
fhandler_base::open: (/??/C:/.../cygwin64/usr/src/x.fifo.lnk, 0x2148000)
fhandler_base::set_flags: flags 0x2148000, supplied_bin 0x1
fhandler_base::set_flags: filemode set to binary
fhandler_base::open: 0x0 = NtCreateFile (0x1F8, 0x20080, /??/C:/.../cygwin64/usr/src/x.fifo.lnk, io, NULL, 0x0, 0x7, 0x1, 0x4000, NULL, 0)
fhandler_base::open: 1 = fhandler_base::open(/??/C:/.../cygwin64/usr/src/x.fifo.lnk, 0x2148000)
fhandler_base::open_fs: 1 = fhandler_disk_file::open(/??/C:/.../cygwin64/usr/src/x.fifo.lnk, 0x2148000)
open: 3 = open(x.fifo, 0x2148000)
__set_errno: int gen_full_path_at(char*, int, const char*, bool):4445 setting errno 20
close: close(3)
fhandler_base::close: closing '/usr/src/x.fifo' handle 0x1F8
close: 0 = close(3)
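The workaround in the message above creates the fifo with mode 0666 and tightens it afterwards, so for a moment it can be opened by any other user who can reach the directory. An added example, not from the thread or the Cygwin project: setting the umask in a subshell yields 0600 at creation time without using `-m`. `make_private_fifo` and `fifo_mode` are hypothetical helper names, and it is an assumption that Cygwin releases before 3.4.8 handle this path, since the thread only reports plain `mkfifo` without `-m` as working.

```shell
#!/bin/sh
# Added example, not code from the thread. Helper names are hypothetical.

# Print the 10-character type+permission string of PATH, e.g. "prw-------".
# cut drops the ACL marker ('+' or '.') that some ls versions append.
fifo_mode() {
    ls -ld "$1" | cut -c1-10
}

# Create a fifo that is owner-only from the moment it exists.
#   - no "-m": the mode comes from the umask, so there is no separate
#     "set permissions" step after creation
#   - the umask is changed inside a subshell, so the caller's umask is untouched
#   - mkfifo fails if the name already exists, so an existing file is never reused
make_private_fifo() {
    path=$1
    if [ -z "$path" ]; then
        echo "usage: make_private_fifo PATH" >&2
        return 2
    fi

    ( umask 077 && mkfifo "$path" ) || return 1

    # Verify the result instead of trusting it; remove the fifo if the
    # filesystem did not honour the requested mode.
    mode=$(fifo_mode "$path") || return 1
    if [ "$mode" != "prw-------" ]; then
        echo "make_private_fifo: unexpected mode $mode on $path" >&2
        rm -f "$path"
        return 1
    fi
    return 0
}
```
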
Re: sshd_config AllowStreamLocalForwarding perm off / effectively privsep off
On Aug 7 22:11, Shaddy Baddah via Cygwin wrote:
> Hi,
>
> For the current OpenSSH server (9.3p2), AllowStreamLocalForwarding
> defaults on. That means both local and remote unix socket port
> portforwarding are possible.
>
> For Cygwin, it appears the remote form of this is not possible. The
> following message is seen on the client-side, regardless of whether
> sshd_config explicitly defines AllowStreamLocalForwarding "on", or
> "all":
>
> |Forwarding port.
> |debug1: Remote: Server has disabled streamlocal forwarding.
>
> Finding the code around this, and a three(?) component conditional
> expression that "fails" into that message, I discovered that the
> reason it is not allowed is the following conditional:
>
> |	(pw->pw_uid != 0 && !use_privsep)) {
>
> and to my surprise, after compiling a debug version of sshd to discover
> this conditional, it turns out that use_privsep is set to zero (0).
>
> I've been around the Cygwin community for many years, and I remember
> the time when ssh-host-config prompted for priv sep, and the creation
> of the "sshd" local user.
>
> I remember the transition when that prompt was removed, and reading that
> priv sep was now "on permanently".
>
> I think there is a misunderstanding here though, though I'm not 100%
> sure of my reading of the situation. It appears that though priv sep is
> on by default, for Cygwin, it is effectively off, as it cannot be
> implemented???

Privilege separation in OpenSSH consists of two independent parts, both of which require AF_UNIX sockets.

The first part is transmission of peer credentials per the SO_PEERCRED socket option. This was relatively easy to implement.

The other part of privilege separation requires AF_UNIX sockets to allow sending and receiving open file descriptors via the SCM_RIGHTS ancillary data feature. This does not work in Cygwin.

> DISABLE_FD_PASS is always set by autoconf for Cygwin. And my reading is
> that not having that capability effectively means whatever the other
> criteria, the executing process doesn't have sufficient "separation" of
> privilege to be treated in the same manner.

Yes, the parts of OpenSSH requiring descriptor passing are disabled in OpenSSH.

> Otherwise, what's the solution?

Solution for what? What is it you want to do?

Corinna
Re: Entering Cygwin command line (bash login) from Windows cmd.exe ?
On 8/7/23, Roland Mainz via Cygwin wrote:
> On Sat, Jul 29, 2023 at 6:18 AM Roland Mainz wrote:
>> Is there an official way to enter the Cygwin command line (e.g. bash
>> login) from Windows cmd.exe, e.g. if someone ssh's into a Windows
>> machine he/she ends/up in a cmd.exe and not bash...
>
> ping!

Years ago this was the default way to start cygwin (I don't think I've changed it, but who knows??)

C:\cygwin>type Cygwin.bat
@echo off

C:
chdir C:\cygwin\bin

bash --login -i

There's a Cygwin.bat in /etc/defaults that needs to be copied to the cygwin root directory:

C:\cygwin>type etc\defaults\Cygwin.bat
@echo off
setlocal enableextensions
set TERM=
cd /d "%~dp0bin" && .\bash --login -i

C:\cygwin>

"cd /d" - Use the /D switch to change current drive in addition to changing current directory for a drive.

"%~dp0" gives the path of the script, so if the .bat file is in C:\cygwin then "%~dp0bin" expands to C:\cygwin\bin

Regards
Lee
Find free drive letter in Cygwin?
Hello,

What is the official cygwin way to find a free drive letter, which can be used in a script to mount a drive?

Thanks,
Martin
mkfifo: cannot set permissions of 'x.fifo': Not a directory
Hello,

We get a weird mkfifo failure in Cygwin on NTFS:

/usr/bin/mkfifo -m 600 x.fifo
mkfifo: cannot set permissions of 'x.fifo': Not a directory

Is there a known workaround? So far named fifos cannot be created somehow.

Thanks,
Martin
sshd_config AllowStreamLocalForwarding perm off / effectively privsep off
Hi,

For the current OpenSSH server (9.3p2), AllowStreamLocalForwarding defaults on. That means both local and remote unix socket port portforwarding are possible.

For Cygwin, it appears the remote form of this is not possible. The following message is seen on the client-side, regardless of whether sshd_config explicitly defines AllowStreamLocalForwarding "on", or "all":

|Forwarding port.
|debug1: Remote: Server has disabled streamlocal forwarding.

Finding the code around this, and a three(?) component conditional expression that "fails" into that message, I discovered that the reason it is not allowed is the following conditional:

|	(pw->pw_uid != 0 && !use_privsep)) {

and to my surprise, after compiling a debug version of sshd to discover this conditional, it turns out that use_privsep is set to zero (0).

I've been around the Cygwin community for many years, and I remember the time when ssh-host-config prompted for priv sep, and the creation of the "sshd" local user.

I remember the transition when that prompt was removed, and reading that priv sep was now "on permanently".

I think there is a misunderstanding here though, though I'm not 100% sure of my reading of the situation. It appears that though priv sep is on by default, for Cygwin, it is effectively off, as it cannot be implemented???

Because this bit of code from sshd.c suggests if DISABLE_FD_PASS is set, then use_privsep needs to be set to false:

|#ifdef DISABLE_FD_PASSING
|	if (1) {
|#else
|	if (authctxt->pw->pw_uid == 0) {
|#endif
|		/* File descriptor passing is broken or root login */
|		use_privsep = 0;
|		goto skip;

DISABLE_FD_PASS is always set by autoconf for Cygwin. And my reading is that not having that capability effectively means whatever the other criteria, the executing process doesn't have sufficient "separation" of privilege to be treated in the same manner.

Otherwise, what's the solution? Because the reason for the earlier guard (the disallowal of streamlocal) was a fix for a CVE from very long ago, that allowed unix-sockets to be created on the server as "root"/privileged user.

--
Regards,
Shaddy
Re: Kernel stack trace for Windows 10 blue screen when running Cygwin?
On Aug 7 12:43, Cedric Blancher via Cygwin wrote:
> On Mon, 7 Aug 2023 at 11:55, Corinna Vinschen wrote:
> >
> > On Aug 7 11:29, Cedric Blancher via Cygwin wrote:
> > > Forwarding to cygwin@cygwin.com
> > >
> > > Honestly I find it deeply concerning that a plain, unprivileged user
> > > can Bluescreen a machine, and more so that it happens during normal
> > > Cygwin usage.
> >
> > Same here. Cygwin is userspace only!
> >
> > If any call in Cygwin can generate a bluescreen, it's a bug in the
> > kernel or in the driver. Naturally, we have neither control over the
> > kernel, nor over the NTFS driver. You might want to open a support case
> > with Microsoft.
>
> Well, a colleague is handling that. The feedback sent to her however was that:
> - Cygwin is not a Windows product
> - We should WSL instead
> - Cygwin might make use private Windows apis
> - We should run this by the "Cygwin company"

ROFL

> It is my turn now to provide a kernel stack trace to prove them wrong
> - IF I can manage to make one. That's why I am asking for help here.
>
> HELP!

I'd start with running the crashing process under strace. This might give a clue as to what or why it's happening. Be aware that an strace might be *very* big in your case, and that running under strace might take a *very* long time.

Apart from that, I'm not really familiar with catching OS kernel dumps, but the dumper and minidumper tools in Cygwin might be of help, see the docs:

https://cygwin.com/cygwin-ug-net/dumper.html
https://cygwin.com/cygwin-ug-net/minidumper.html

Corinna
Re: Kernel stack trace for Windows 10 blue screen when running Cygwin?
On Mon, 7 Aug 2023 at 11:55, Corinna Vinschen wrote:
>
> On Aug 7 11:29, Cedric Blancher via Cygwin wrote:
> > Forwarding to cygwin@cygwin.com
> >
> > Honestly I find it deeply concerning that a plain, unprivileged user
> > can Bluescreen a machine, and more so that it happens during normal
> > Cygwin usage.
>
> Same here. Cygwin is userspace only!
>
> If any call in Cygwin can generate a bluescreen, it's a bug in the
> kernel or in the driver. Naturally, we have neither control over the
> kernel, nor over the NTFS driver. You might want to open a support case
> with Microsoft.

Well, a colleague is handling that. The feedback sent to her however was that:
- Cygwin is not a Windows product
- We should WSL instead
- Cygwin might make use private Windows apis
- We should run this by the "Cygwin company"

It is my turn now to provide a kernel stack trace to prove them wrong - IF I can manage to make one. That's why I am asking for help here.

HELP!

Ced
Re: Kernel stack trace for Windows 10 blue screen when running Cygwin?
On Aug 7 11:29, Cedric Blancher via Cygwin wrote:
> Forwarding to cygwin@cygwin.com
>
> Honestly I find it deeply concerning that a plain, unprivileged user
> can Bluescreen a machine, and more so that it happens during normal
> Cygwin usage.

Same here. Cygwin is userspace only!

If any call in Cygwin can generate a bluescreen, it's a bug in the kernel or in the driver. Naturally, we have neither control over the kernel, nor over the NTFS driver. You might want to open a support case with Microsoft.

Corinna

>
> Ced
>
> ---------- Forwarded message ---------
> From: Cedric Blancher
> Date: Sun, 6 Aug 2023 at 23:56
> Subject: Kernel stack trace for Windows 10 blue screen when running Cygwin?
> To:
>
>
> Good evening!
>
> How can we get a Windows kernel stack trace for a blue screen - aka
> Windows kernel crash?
>
> We're experiencing regular blue screens when we run Cygwin git
> operations for a large repository (~6GB of text files, sort of DNA
> data).
> Usually it goes booom in the ntfs module with a git clone, or git
> commit, but a more detailed stack trace would be greatly appreciated.
>
> Ced
> --
> Cedric Blancher
> [https://plus.google.com/u/0/+CedricBlancher/]
> Institute Pasteur
>
>
> --
> Cedric Blancher
> [https://plus.google.com/u/0/+CedricBlancher/]
> Institute Pasteur
Fwd: Kernel stack trace for Windows 10 blue screen when running Cygwin?
Forwarding to cygwin@cygwin.com

Honestly I find it deeply concerning that a plain, unprivileged user can Bluescreen a machine, and more so that it happens during normal Cygwin usage.

Ced

---------- Forwarded message ---------
From: Cedric Blancher
Date: Sun, 6 Aug 2023 at 23:56
Subject: Kernel stack trace for Windows 10 blue screen when running Cygwin?
To:

Good evening!

How can we get a Windows kernel stack trace for a blue screen - aka Windows kernel crash?

We're experiencing regular blue screens when we run Cygwin git operations for a large repository (~6GB of text files, sort of DNA data).
Usually it goes booom in the ntfs module with a git clone, or git commit, but a more detailed stack trace would be greatly appreciated.

Ced
--
Cedric Blancher
[https://plus.google.com/u/0/+CedricBlancher/]
Institute Pasteur

--
Cedric Blancher
[https://plus.google.com/u/0/+CedricBlancher/]
Institute Pasteur