This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: How secure is Cygwin in a multi-user environment?


At 12:03 PM 3/2/2005 -0500, Igor Pechtchanski wrote:
>On Wed, 2 Mar 2005, Corinna Vinschen wrote:
>
>> On Mar  1 21:33, Pierre A. Humblet wrote:
>> > [...]
>> > This isn't up to date any more, the hole described above is now fixed.
>> > So the entry should be updated. I suggest replacing it with the
following:
>> >
>> > How secure is Cygwin in a multi-user environment?
>> >
>> > As of version 1.5.13, the Cygwin developers are not aware of any feature
>> > in the cygwin dll that would allow users to gain privileges or to access
>> > objects
>> > to which they have no rights under Windows.
>> > Cygwin processes share some variables and are thus easier targets of
>> > denial of service type of attacks.
>>
>> What I really like to see is the hint that we don't give any guarantee
>> for being "secure".
>
>How about "Cygwin is as secure as the Windows it runs on"?
>	Igor
>-- 

How about:

As of version 1.5.13, the Cygwin developers are not aware of any feature
in the cygwin dll that would allow users to gain privileges or to access
objects to which they have no rights under Windows. However there is no
guarantee that Cygwin is as secure as the Windows it runs on.
Cygwin processes share some variables and are thus easier targets of
denial of service type of attacks.

Pierre


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]