This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: How secure is Cygwin in a multi-user environment?
On Wed, 2 Mar 2005, Corinna Vinschen wrote:
> On Mar 1 21:33, Pierre A. Humblet wrote:
> > [...]
> > This isn't up to date any more, the hole described above is now fixed.
> > So the entry should be updated. I suggest replacing it with the following:
> >
> > How secure is Cygwin in a multi-user environment?
> >
> > As of version 1.5.13, the Cygwin developers are not aware of any feature
> > in the cygwin dll that would allow users to gain privileges or to access
> > objects
> > to which they have no rights under Windows.
> > Cygwin processes share some variables and are thus easier targets of
> > denial of service type of attacks.
>
> What I really like to see is the hint that we don't give any guarantee
> for being "secure".
How about "Cygwin is as secure as the Windows it runs on"?
Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ pechtcha@cs.nyu.edu
ZZZzz /,`.-'`' -. ;-;;,_ igor@watson.ibm.com
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D.
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"The Sun will pass between the Earth and the Moon tonight for a total
Lunar eclipse..." -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT