This is the mail archive of the cygwin@sourceware.cygnus.com mailing list for the Cygwin project.



Security Documentation, SSH


> This is not going to happen.  We understand the security vulnerabilities
> of Cygwin very well.  The security model is basically security through
> obscurity which, I'm sure you are aware, is no security at all.

I personally appreciate candor in this area, having experienced break-in attempts
aimed at such insider plums as the Moody's Ratings DB, or the Barings
Securities Position tables.

But from what I read, it is an issue of using an NT box as a multiuser system.
Now my post suggesting using the regular UNIX login system for SSH and limiting
the box to a single user makes even more sense.  Telnet could also be ported in
this way.



> Although, now that I think of it, if you're running any CGI scripts on
> this theoretical web site then you are at risk since Cygwin's security
> model is wide open to a craftily written perl script.

Perl is equipped to solve these problems, if you know the language.  You simply
encapsulate the input to prevent it from being evaluated.  The input structure,
for instance, keeps scalars as elements of an array.  Side effect or clever
feature, I'm not sure...


> We would certainly consider changing this if a customer wanted to pay
> for this work.  It would be a very interesting project.

I, for one, am getting a little tired of hearing this from your organization.
I am founding a perl group which will not only preach to educators the cost
effectiveness of our swiss-army-chain-saw, but teach business types as well,
for free.

And this w/o the support of our employers.  You guys, on the other hand, are
rolling in dough, spending millions on NY apartments, etc, etc...

Linux and the whole public s/w venue is a gift, but only if the given to keep
on giving.

Consider this in the light that it is meant.



=====
John van Vlaanderen

      #########################################
      #    CXN, Inc. Contact:                 #
      #    john@thinman.com, www.thinman.com  #
      #    1 917 309 7379 (cell, voice mail)  #                   
      #########################################