This is the mail archive of the cygwin mailing list for the Cygwin project.


multi user environment security due shared memory

Hi all,

Our company is looking at some security properties of cygwin. We want to run a daemon like sshd in a multi user environment with cygrunsrv.

There was an entry [0] in your FAQ from 2000/09/13 that cygwin is not secure in a multi user environment. This entry was replaced this year [1], saying that as of 1.5.13 you are not aware of any feature to gain more privileges than you have under Windows. To my understanding, this newest FAQ entry is in contrast to what you write in your user guide [2] about the use of shared memory in your 'kernel'. There you write
" does constitute a security hole...".

I was not able to find any recent discussion about this topic on this list (there was one in 2002 [3]). Is there some documentation describing the shared memory segments accessible by all cygwin users?

What is the current status of the following security threats, and how would you rate security when running sshd in a multi user environment?

 -Code execution in the context of another user
 -Denial of service by overwriting the shared memory segments
  of cygwin
 -Data disclosure about processes of another user by reading
  shared memory segments
 -Other security issues

Thanks for your help

[0] cvs rev 1.1 of winsup/doc/how-api.texinfo
