This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: cygwin dll security

On Tue, Dec 31, 2002 at 03:26:39PM +1100, wrote:
>our company is looking at using Cygwin on our NT/2000 servers.  However
>our security review team has expressed doubts over the fact that Cygwin
>is said to be insecure in a multi user environment.  I was just
>wondering what experienced Cygwin users think about this issue and if
>it is an issue that is likely to be resolved or if there is a work
>around to 'secure' Cygwin in a multi user environment.

Your security review team has every right to be concerned.  Cygwin
should not be used in a secure multiuser environment.  I'd go so far as
to suggest that unless you are interested in growing some kind of
experts in-house in any free software package that you use, you'd be
better off ensuring that whatever you decide upon is fully supported by
a commercial entity.

If you are really interested in security then downloading a package
from a web site for free doesn't seem like the best plan to me unless
you have the expertise to maintain the software yourself.

Unsubscribe info:
Bug reporting:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]