Getting Cygwin into a corporation..

Sam Edge
Wed Apr 24 14:42:00 GMT 2002

You wrote in <01fd01c1ebba$23197580$0d76aec7@D4LHBR01>
in gmane.os.cygwin on Wed, 24 Apr 2002 11:01:56 -0700:

> In the company I work for they have outlawed all Unix
> variants (Linux, Solaris, OSX) from certain networks. I
> asked why Cygwin could not be installed and here is
> some of the response I got back:
> > Cygwin, in itself, is typically a harmless application.  
> > However, once installed, it does allow a user to invalidate 
> > the NT Security architecture; a user can then install cygwin 
> > ports without the NT administrators consent (including, of 
> > course, the cygwin DHCP port).
> How should I respond to this?

Cygwin1.dll and Cygwin applications makes calls to the OS API via
kernel32.dll and the other system DLLs just like any other Windows
application does. There's nothing they can do when run via a specific
user account that any other Windows program couldn't do running from
that same account.

The shared memory used by cygwin1.dll is not protected so a malicious
or buggy process in one context could crash a Cygwin process running
in another by corrupting this data. But if you avoid installing any
Cygwin programs as NT services then they'll all be running
interactively in the context of the current user so they can't do
anything that can't be done anyway.

Sam Edge

Unsubscribe info:
Bug reporting:

More information about the Cygwin mailing list