This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Locking down cygwin for security
- From: egor duda <deo at corpit dot ru>
- To: Colin JN Breame <colin at breame dot com>
- Cc: cygwin at cygwin dot com
- Date: Fri, 03 Sep 2004 15:23:50 +0400
- Subject: Re: Locking down cygwin for security
- References: <41385172.4040209@breame.com>
Colin JN Breame wrote:
Is it possible to disabled certain features to make cygwin secure over
ssh such that the logged in user cannot:
- cd into any /cygdrive drives
- mount any local or UNC drives
but still:
- access a system wide mount to a local drive
You will gain little additional security by doing this. As long as you
can't prevent user from calling normal win32 applications (such as as
cmd.exe) and win32 APIs (like CreateFile ()) he will be able to accesss
any drives on your system you're supposing to prevent him from.
Your only gain will be false sense of security.
The way to achieve real security is to set proper access rights for all
files on all filesystems on your host and all other hosts this user can
log into.
egor
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/