This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



RE: Shell execution


> It works. In a way. Apart from the gaping security hole there's another
> big problem with letters. Your script may just silently die before
> reaching '/winnt/system32/net use /d m:' line. In that case (at least
> on NT 4.0) you'll be left with an existing, but inaccessible, undeletable
> and unchangeable 'm:'. Next time your script won't be able to run at
> all. You'll need to restart your machine to get rid of it.

Absolutely... you have to be careful when you write your script ;->

> So, I strongly suggest using UNC everywhere where possible.

Agreed, whenever possible.

But I will add that if the share you are trying to get at is not
open for Everyone, or is in another domain, or some other security
restriction prevents you being able to see it via UNC... you
can fairly safely pass your credentials across before you
first try to access any files on the UNC share using:

/winnt/system32/net use '\\hostname\ipc$' yourpassword '/user:YOURDOMAIN\yourusername'

I've had to do this in some cases, and it works equally
well.  Same security hole applies of course.

But it's better than leaving my share open for Everyone WRITE
and thus being subject to the Nimba-type virus (or whatever
it was called) that got passed around earlier this week ;->
It takes advantage of the fact that lots of people like to
create shares to their drives with Everyone WRITE enabled.

Troy

-----Original Message-----
From: egor duda [mailto:deo@logos-m.ru]
Sent: Friday, September 21, 2001 12:49 PM
To: Troy Noble
Cc: 'Upat54wo@aol.com'; cygwin@cygwin.com
Subject: Re: Shell execution


Hi!

Friday, 21 September, 2001 Troy Noble troy.noble@channelpoint.com wrote:

TN> From /usr/doc/Cygwin/cron.README:

TN> "On NT/W2K run cron under SYSTEM account
TN> as service to use that feature. Note that you don't have access to
TN> net shares in the child processes then."

TN> Which means m: (and thus /cygdrive/m) 
TN> is likely not mapped when your cron job is running...
TN> as you discovered.

TN> Search the archives for similar discussions on this
TN> subject.  A search on Google for cygwin +cron +mount +username
TN> should do the trick I'd imagine.

TN> A nifty little trick I've learned... if you don't mind
TN> storing your NT username and password in a plain text file
TN> somewhere on your disk (like in your script):

TN> /winnt/system32/net use m: '\\hostname\sharename' yourpassword '/user:YOURDOMAIN\yourusername'

TN> and later before your script exits

TN> /winnt/system32/net use /d m:

TN> The security hole that this opens up should be obvious to
TN> the casual observer... but it is effective nonetheless.

It works. In a way. Apart from the gaping security hole there's another
big problem with letters. Your script may just silently die before
reaching '/winnt/system32/net use /d m:' line. In that case (at least
on NT 4.0) you'll be left with an existing, but inaccessible, undeletable
and unchangeable 'm:'. Next time your script won't be able to run at
all. You'll need to restart your machine to get rid of it.

So, I strongly suggest using UNC everywhere where possible.

Egor.            mailto:deo@logos-m.ru ICQ 5165414 FidoNet 2:5020/496.19
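
Added example, not part of either message: a wrapper for a cron script that follows the two points raised in the thread, authenticating to ipc$ and using UNC paths instead of a drive letter, and dropping the connection from an EXIT trap so a job that fails part-way still cleans up. The names NET, SHARE_HOST, NET_USER, PASS_FILE and the function names are assumptions; the net use arguments are the ones quoted in the messages.

```bash
#!/bin/bash
# Added example, not code from the thread. NET, SHARE_HOST, NET_USER and
# PASS_FILE are assumed names; the net use arguments are those quoted above.
NET=${NET:-/winnt/system32/net}
SHARE_HOST=${SHARE_HOST:-hostname}
NET_USER=${NET_USER:-'YOURDOMAIN\yourusername'}
PASS_FILE=${PASS_FILE:-$HOME/.share_pass}

# Accept the password file only if group and others have no permission bits.
pass_file_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -l "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Authenticate to the host via ipc$ so later UNC paths work; no drive letter.
connect_share() {
    if ! pass_file_ok "$PASS_FILE"; then
        echo "refusing $PASS_FILE: missing or accessible by group/others" >&2
        return 1
    fi
    # The password is still passed to net as an argument, as in the thread;
    # it is only kept out of the script file.
    "$NET" use "\\\\$SHARE_HOST\\ipc\$" "$(cat "$PASS_FILE")" "/user:$NET_USER"
}

disconnect_share() {
    "$NET" use "\\\\$SHARE_HOST\\ipc\$" /d >/dev/null 2>&1
}

# Run the job body in a subshell whose EXIT trap drops the connection
# whether the body succeeds, fails, or calls exit part-way through.
run_job() {
    (
        connect_share || exit 1
        trap disconnect_share EXIT
        "$@"
        exit $?
    )
}

# Usage in a cron script (job_body is a hypothetical function of yours):
#   run_job job_body
```

The trap does not run if the shell itself is killed outright, so it narrows the stale-connection problem rather than removing it.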
