Allan Schrum | 1 Dec 2008 03:25

Re: RSync random failures

>In the event log the following message was found:

>rsyncd: PID 1800: rsync error: error in file IO (code 11) at
/home/lapo/packaging/rsync-3.0.4-1/src/rsync-3.0.4/clientserver.c(985) [receiver=3.0.4].

I downloaded the source, rebuilt and I am running under the debugger. The line indicated above is where
RSync discovers that the PID file already exists. While that specific problem is solved by deleting the
PID file, the problem is that the PID file should never exist after RSync exits.

There is some condition that leaves the PID file when RSync shuts down (as a service under Windows XP)
normally. This problem did not exist in the previous version (2.6.9-2).

I have tried hibernation, stand-by, shutdown & restart, network disconnections, various signals
passed, etc., and nothing reliably causes the problem to manifest itself. But any of these methods has
caused the problem. It seems to happen more frequently during shutdown & restart than any other method.

Any ideas on how to debug? Anyone else have this problem?

Thanks,

-Allan

stevench2000 | 1 Dec 2008 06:37

Re: Help needed: first time tried sshd and got stuck not far from the beginning...


Thanks to both of you for the tips.
After adding the -ddd option in invoking sshd in the ssh-host-config, I was
able to see this error message from the log:

     17 [main] sshd 42180 child_copy: linked dll data write copy failed,
0x24500
0..0x2452E0, done 0, windows pid 42200, Win32 error 487

Does this look familiar?
Do you have any suggestions?

Regards,
Steve

Larry Hall (Cygwin) wrote:
> 
> On 11/29/2008, Matthias Meyer wrote:
>> Please go to your server and run "/usr/sbin/sshd -ddd -D". Maybe your
>> ssh-server says something about the reason.
> 
> This won't work.  You'll need to set up a new service which invokes
> 'sshd' with the above debug flags and start that service instead.  See
> 'ssh-host-config' for details on setting up such a service using the
> 'cygserver' account.  If you proceed with the above advice, you may
> change the permissions on files that the service needs set for
> 'cygserver',
> effectively breaking 'sshd' when run as a service.
> 
> -- 

Larry Hall (Cygwin) | 1 Dec 2008 07:29

Re: Help needed: first time tried sshd and got stuck not far from the beginning...

stevench2000 wrote:
> Thanks to both of you for the tips.
> After adding the -ddd option in invoking sshd in the ssh-host-config, I was
> able to see this error message from the log:
> 
>      17 [main] sshd 42180 child_copy: linked dll data write copy failed,
> 0x24500
> 0..0x2452E0, done 0, windows pid 42200, Win32 error 487
> 
> Does this look familiar?

Yes.

> Do you have any suggestions?

Yes, two.

1. Install the 'rebase' package and follow the instructions in its
    README file (under '/usr/share/doc/Cygwin').

2. <http://cygwin.com/acronyms/#BLODA>

Either one of the above is your solution.  You shouldn't need to do both.
(1) is probably easier to try.  However, I'll bet on (2).

-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

Corinna Vinschen | 1 Dec 2008 12:00

Re: sem_unlink?

On Nov 28 11:20, Christopher Faylor wrote:
> On Fri, Nov 28, 2008 at 10:25:56AM +0100, Corinna Vinschen wrote:
> >On Nov 28 10:09, Samuel Thibault wrote:
> >> Christopher Faylor, on Thu 27 Nov 2008 21:18:23 -0500, wrote:
> >> > On Fri, Nov 28, 2008 at 12:16:51AM +0100, Samuel Thibault wrote:
> >> > >There is no sem_unlink function, is there a reason or is that a PTW?
> >> > 
> >> > PTC.  It's not easy to get right in a Windows environment.  If I read
> >> > what's required correctly it could require interprocess communication.
> >> 
> >> Mmm, I haven't tested (and can't right now), but does that mean that
> >> even if sem_open() is currently provided, it does not work?
> >
> >The POSIX semaphore implementation is incomplete in terms of named
> >semaphores up to Cygwin 1.5.25.  Cygwin 1.7.0 provides all functions,
> >including sem_unlink.
> 
> Sorry for the misinformation.  I completely missed the sem_unlink that
> was right there on my screen.

No worries.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


Dr. Volker Zell | 1 Dec 2008 15:58

Re: Problem Starting up XEmacs

>>>>> Sebastian Nohn writes:

    > Hi,
    > I have a strange problem starting XEmacs:

    > $ xemacs
    > *** Error in XEmacs initialization
    > (error "Must be string, vector, or font-instance" #<x-device on
    > "127.0.0.1:0.0" 0xb17>)
    > *** Backtrace
    >   really-early-error-handler((error "Must be string, vector, or
    > font-instance" #<x-device on "127.0.0.1:0.0" 0xb17>))
    >   check-valid-instantiator(#<x-device on "127.0.0.1:0.0" 0xb17> font)
    >   # bind (result noerror specifier-type spec)
    >   canonicalize-spec(#<x-device on "127.0.0.1:0.0" 0xb17> font nil)
    >   # bind (rest result)
    >   byte-code("..." [specifier-type res2 noerror spec-list result rest
    > nil throw cann-spec-list t signal error "Invalid list format"
    > canonicalize-spec] 5)
    >   # (catch cann-spec-list ...)
    >   # bind (result noerror specifier-type spec-list)
    >   canonicalize-spec-list((#<x-device on "127.0.0.1:0.0" 0xb17>) font)
    >   # bind (is-valid nval how-to-add tag-set locale value specifier)
    >   set-specifier(#<font-specifier global=((default x)
    > . "-*-courier-medium-r-*-*-*-120-*-*-*-*-iso8859-*")
    > fallback=((... . "Courier New:Regular:10::Western")
    > (... . "Courier:Regular:10::Western")
    > (... . "Fixedsys:Regular:9::Western") (... . "Courier
    > New:Regular:10::Western") (... . "Courier:Regular:10::Western")
    > (... . "normal") ...) 0x1c9> nil #<x-device on "127.0.0.1:0.0" 0xb17>

TheO | 1 Dec 2008 17:20

Finally managed to create a jailed SFTP server, but how secure?

Hi,

I finally managed to create a chroot'ed (jailed) SFTP environment under Cygwin. Here are my steps which may
be useful for others:

- All directories from root to the chroot directory must be owned by UID 0 and GID 0. For example, if you want to
jail users in /jail then / and /jail must belong to (0, 0). In my setup, I set Administrator user to be (0, 0) in /etc/passwd.

- The home directory for user as declared in /etc/passwd must be created under this chroot directory too,
for example, /jail/home/user must exist too and belong to user.

- Use internal-sftp for Subsystem sftp

So my minimum directory structure is as follows:

    /jail
    /jail/home
    /jail/home/user
    /home/user

If you want to enable public key authentication, then the following must exist too:

    /home/user/.ssh
    /home/user/.ssh/authorized_keys

My /etc/sshd_config contains:

    ChrootDirectory   /jail
    Subsystem   sftp  internal-sftp

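A way to check the first step of the setup above (added example, not part of the original post): the script walks every directory from / down to the chroot and verifies owner and write bits. The function names are made up here, the test for group or world write access comes from OpenSSH's documented ChrootDirectory requirement rather than from the post, and GNU `stat` (as shipped in Cygwin's coreutils) is assumed.

```shell
#!/bin/sh
# Added example: audit the directory chain leading to an sshd ChrootDirectory.
# /jail and the 0:0 defaults are the values used in the post above.

# Print "/" and then every ancestor of absolute path $1, one per line.
path_components() {
    echo /
    rest=${1#/}; cur=
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue      # skip empty parts from "//"
        cur=$cur/$part
        echo "$cur"
    done
}

# Succeed only if $1 is a directory owned by uid $2 and gid $3 that
# neither group nor others can write to.
audit_component() {
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 1; }
    owner=$(stat -L -c '%u:%g' "$1")
    mode=$(stat -L -c '%a' "$1")
    rc=0
    if [ "$owner" != "$2:$3" ]; then
        echo "FAIL $1: owner $owner, expected $2:$3"; rc=1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $1: mode $mode is group- or world-writable"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok   $1 ($owner, $mode)"
    return "$rc"
}

# audit_chroot DIR [UID] [GID]: check every component from / down to DIR.
audit_chroot() {
    path_components "$1" | {
        bad=0
        while IFS= read -r c; do
            audit_component "$c" "${2:-0}" "${3:-0}" || bad=1
        done
        [ "$bad" -eq 0 ]
    }
}

# Run as: sh audit_chroot.sh /jail
[ $# -eq 0 ] || audit_chroot "$@"
```

A non-zero exit status means at least one component failed; rerun it after any change to permissions on / or the jail directory.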

Larry Hall (Cygwin) | 1 Dec 2008 17:51

Re: Finally managed to create a jailed SFTP server, but how secure?

TheO wrote:

<snip>

> As far as I am concerned, user's view is restricted enough to what I
> allow  them to see and do. If I revoke user's rights to write to any directory
> except /jail/home/user, then he should only be able to upload files to his
> jailed home directory.
> 
> My question is, how secure is Cygwin as SFTP server set up this way? Is
> there any security hole I don't know yet?

Security from the standpoint of access to the remote file system and
processes come from the security measures put in place under Windows
on the remote system.  SFTP under Cygwin will not provide this.  It
only provids encrypted transport.

-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?


Larry Hall (Cygwin) | 1 Dec 2008 19:17

Re: Finally managed to create a jailed SFTP server, but how secure?

Larry Hall (Cygwin) wrote:
> TheO wrote:
> 
> <snip>
> 
>> As far as I am concerned, user's view is restricted enough to what I
>> allow  them to see and do. If I revoke user's rights to write to any 
>> directory
>> except /jail/home/user, then he should only be able to upload files to 
>> his
>> jailed home directory.
>>
>> My question is, how secure is Cygwin as SFTP server set up this way? Is
>> there any security hole I don't know yet?

Ugh!  Looks like I'm challenged in the proof-reading department this
morning!

> Security from the standpoint of access to the remote file system and
> processes come from the security measures put in place under Windows
                 ^
                 s
> on the remote system.  SFTP under Cygwin will not provide this.  It
> only provids encrypted transport.
              ^
              e
> 

-- 
Larry Hall                              http://www.rfk.com

TheO | 1 Dec 2008 20:13

Re: Finally managed to create a jailed SFTP server, but how secure?

> 
> Security from the standpoint of access to the remote file system and
> processes come from the security measures put in place under Windows
> on the remote system.  SFTP under Cygwin will not provide this.  It
> only provids encrypted transport.
> 

According to my observation, regardless of his authentication (public key or password), he can only see a
limited number of directories within the jail environment. The only directory which is virtually added
by Cygwin during his login, and therefore beyond my control, is /cygdrive. Luckily enough for me, it is
empty so in my opinion the user can't traverse my harddisk.

I did some simple tests to break out of my jail. From my SFTP session, I tried to do the following:

  sftp> cd /cygdrive
  sftp> cd c
  Couldn't canonicalise: No such file or directory
  sftp> mkdir c
  Couldn't create directory: No such file or directory

which is good.

But maybe my simple tests are not enough. Maybe there are some special file names which are not mapped to any
directory or file but are interpreted internally by Cygwin to designate some directories outside the jail.

Thanks again.

Christian Franke | 1 Dec 2008 21:16

Avoid duplicate names in /proc/registry (which may crash find) ?

When dirent.d_type support is added to /proc/registry (see attachment), 
find 4.4.0-3 crashes on keys with duplicate names.

Testcases:

$ find-with-d_type \
/proc/registry/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/ALG/ISV

$ find-with-d_type \
/proc/registry/HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Services/Eventlog/Security

These keys contain a key and a value with the same name and readdir() 
returns both (with different d_type).

Possible fix to avoid identical names:

1. Put keys and values in different namespaces, e.g.

/proc/registry/path/name.key
/proc/registry/path/name.val

Drawback: Breaks backward compatibility.

or:

2. In readdir(), record the key names in some set<> or hash-table. If 
(and only if) a duplicate name is detected, return a modified name for 
the value:

/proc/registry/path/name