This is the mail archive of the
mailing list for the Cygwin project.
Re: cygwin dll security
On Tue, Dec 31, 2002 at 03:26:39PM +1100, Adam.Cioccarelli@ubsw.com wrote:
>our company is looking at using Cygwin on our NT/2000 servers. However
>our security review team has expressed doubts over the fact that Cygwin
>is said to be insecure in a multi user environment. I was just
>wondering what experienced Cygwin users think about this issue and if
>it is an issue that is likely to be resolved or if there is a work
>around to 'secure' Cygwin in a multi user environment.
Your security review team has every right to be concerned. Cygwin
should not be used in a secure multiuser environment. I'd go so far as
to suggest that unless you are interested in growing some kind of
experts in-house in any free software package that you use, you'd be
better off ensuring that whatever you decide upon is fully supported by
a commercial entity.
If you are really interested in security then downloading a package
from a web site for free doesn't seem like the best plan to me unless
you have the expertise to maintain the software yourself.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html