security and cygwin

Reini Urban rurban@x-ray.at
Mon Sep 20 17:23:00 GMT 2004 

Koskie, Sarah schrieb:
>>>Are there any other security related issues I should know about?  I
>>>have to assume that cygwin as installed is safe until I have time to look
>>>into it, so I am hoping that my faith is not misplaced.
>>
>>See the FAQ entry:
>>
>>How secure is Cygwin in a multi-user environment?
>><http://cygwin.com/faq/faq_toc.html#TOC78>
> 
> Thanks, but that does not answer my question.  I do not know what
> daemons are running.  

It does answer it.
If you don't know this, you are completely unsafe.

> I did not start any.  I assume some are started in
> the installation process but I don't know how to find out which they
> are.  I just searched the FAQs for any other mention of "daemon" and
> found none.  I have also checked the User's guide but it does not seem
> to contain any relevant info that I can see.  There should never be any
> users logged in remotely to my cygwin and if there is something I have
> to do to enforce that, that's part of what I want to know.  I should
> also be the only one using sftp, ssh, etc. With the previous version of
> cygwin, I was able to sftp and ssh from cygwin to other machines but not
> from other machines to  my desktop computer.  I hope that is still the
> case.  I'll check it eventually, but as mentioned, I have a
> more-than-full time job as other than an UNIX programmer or system
> administrator and I cannot just stop and spend a month setting up
> cygwin.  In the past I didn't have to.  The lack of relevant
> documentation and the complexity of the current setup and install
> process are extremely frustrating. 

Trust the FAQ: It's unsafe.
Esp. when you don't know what a daemon is. Just believe it.

A daemon is a long-running "satanic" background process.
See your Task Manager on the Process Tab.

One of the daemons you don't see is for example called "Explorer" (the 
windows desktop). This is one of the worst security holes on windows, 
regardless of cygwin.

sftp, sshd, cygserver, cron and all other cygwin services are also 
daemons, which share global data via cygwin1.dll. If you are running 
them as user, a possible intruder can gain permissions of this user.
If you run cygwin programs as service the intruder might gain 
permissions of the SYSTEM user.
-- 
Reini Urban


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

More information about the Cygwin mailing list