This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Fixing a security hole in mount table.

From: Charles Wilson <cygwin at cwilson dot fastmail dot fm>
To: cygwin-patches at cygwin dot com
Date: Mon, 08 Sep 2003 23:35:48 -0400
Subject: Re: Fixing a security hole in mount table.
References: <3.0.5.32.20030908204606.00816d10@incoming.verizon.net> <20030909011134.GA6708@redhat.com>

Christopher Faylor wrote:

I wonder if it is time to bite the bullet and get rid of user-mode
mounts entirely.  Or maybe disallow them in suid'ed sessions?  They
are always going to be a security hole AFAICT.

I think that would be a bad idea. What if I want to install a private version of cygwin on a machine to which I don't have Admin access? (ITFascists can shut up right now; I'm not listening..."You vill use de Microsoft Application Suite ve haf provided, and nuzzing else!")

--
Chuck

Follow-Ups:
- RE: Fixing a security hole in mount table.
  - From: Gary R Van Sickle

References:
- Fixing a security hole in mount table.
  - From: Pierre A. Humblet
- Re: Fixing a security hole in mount table.
  - From: Christopher Faylor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]