This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Safety of ssh-agent re: fake unix sockets?

From: Christopher Faylor <cgf at redhat dot com>
To: cygwin at cygwin dot com
Date: Wed, 5 Dec 2001 16:47:44 -0500
Subject: Re: Safety of ssh-agent re: fake unix sockets?
References: <20011204223757.A17439@io.jtan.com> <792981176.20011205114801@logos-m.ru>
Reply-to: cygwin at cygwin dot com

On Wed, Dec 05, 2001 at 11:48:01AM +0300, egor duda wrote:
>I'd like to stress again that cygwin is still insecure and can be
>exploited by users locally logged on, but there's no known remote
>exploits. If anyone knows about the ways to exploit cygwin remotely,
>_please_ report them to cygwin-developers mailing list.

Actually, report them here.  Posting to cygwin-developers is limited to
subscribers only.

I know that this is potentially less secure-through-obscure but I don't
know of any other way to handle this.

cgf

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

References:
- Safety of ssh-agent re: fake unix sockets?
  - From: Seth Delackner
- Re: Safety of ssh-agent re: fake unix sockets?
  - From: egor duda

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]