How secure is Cygwin in a multi-user environment?
Wed Mar 2 17:04:00 GMT 2005
On Wed, 2 Mar 2005, Corinna Vinschen wrote:
> On Mar 1 21:33, Pierre A. Humblet wrote:
> > [...]
> > This isn't up to date any more, the hole described above is now fixed.
> > So the entry should be updated. I suggest replacing it with the following:
> > How secure is Cygwin in a multi-user environment?
> > As of version 1.5.13, the Cygwin developers are not aware of any feature
> > in the cygwin dll that would allow users to gain privileges or to access
> > objects
> > to which they have no rights under Windows.
> > Cygwin processes share some variables and are thus easier targets of
> > denial of service type of attacks.
> What I really like to see is the hint that we don't give any guarantee
> for being "secure".
How about "Cygwin is as secure as the Windows it runs on"?
|\ _,,,---,,_ email@example.com
ZZZzz /,`.-'`' -. ;-;;,_ firstname.lastname@example.org
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D.
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"The Sun will pass between the Earth and the Moon tonight for a total
Lunar eclipse..." -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT
More information about the Cygwin-developers