This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: Unable to compile cygwin
- From: "Pierre A. Humblet" <Pierre dot Humblet at ieee dot org>
- To: cygwin-developers at cygwin dot com
- Date: Wed, 24 Dec 2003 10:37:55 -0500
- Subject: Re: Unable to compile cygwin
- References: <20031223041300.GA1004023@hpn5170x><BAY9-F16kERMwSuWPjm00018ce5@hotmail.com><20031222215956.GB32638@redhat.com><bs7rcu$bcf$1@sea.gmane.org><20031223015333.GA7322@redhat.com><20031223041300.GA1004023@hpn5170x>
At 11:57 PM 12/22/2003 -0500, Christopher Faylor wrote:
>On Mon, Dec 22, 2003 at 11:13:00PM -0500, Pierre A. Humblet wrote:
>>I believe that the latest snapshot is "as secure as Windows" in the case
>>where the only Cygwin processes are logged in using Terminal Services
>>on Windows 2003 or Windows 2000 sp4, and do not have the "Create Global
>>Object" privilege (please don't laugh, that's an achievement).
>>That is, if such a user runs cygwin compiled programs under a cygwin shell,
>>he is no more exposed and has no more power that if running regular Windows
>>programs under cmd.exe
>
>There are still other holes.
>
>However, while I understand that there is no real security in security
>through obscurity, I don't think it is useful to discuss all of the
>specific holes we know of in a public list.
Can you be more explicit on this list, or privately?
Pierre