This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Re: Security Issue with Cygwin
- From: "Max Bowsher" <maxb at ukf dot net>
- To: "Lambeth Darwin" <dlambeth at darwinsdomain dot com>,<cygwin at cygwin dot com>
- Cc: <dlambeth at starmountain dot com>
- Date: Thu, 23 Jan 2003 00:59:54 -0000
- Subject: Re: Security Issue with Cygwin
- References: <5D031EBC03123A4AB69FDC7FD99ACCFC13BF@exchange.darwinsdomain.com>
Lambeth Darwin wrote:
> To whom it may concern;
>
> Not sure if you know this or not, but the default configuration with
> Cygwin allows any user to change to any directory on a W2K box and
> delete whatever files they want. I have installed it with the current
> default instructions and was able to logon as a regular domain user
> and cd to c: and delete or add files. That is a major issue. Let me
> know if there is something I missed.
Sounds like C: has excessively relaxed permissions, and you coincidentally
noticed after you had installed Cygwin.
You should be able to exactly the same from a cmd.exe shell.
Max.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/