gnuwin32 in a multi-user environment
Tim Newsham
newsham@lava.net
Sun Nov 9 13:15:00 GMT 1997
Just thought I'd bring this up since I believe most people are
ignorant of this fact:
Cygwin32 is not secure in a multi-user environment. For
example if you have a long running daemon such as "inetd"
running as admin while ordinary users are logged in, or if
you have a user logged in remotely while another user is logged
into the console. One cygwin client can trick another into
running code for it. In this way one user may gain the
priveledge of another cygwin program running on the machine.
This is because cygwin has shared state that is accessible by
all processes.
Tim N.
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request@cygnus.com" with one line of text: "help".
More information about the Cygwin
mailing list