Mail Archives: cygwin/1997/11/09/14:02:51

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/1997/11/09/14:02:51

From: newsham AT lava DOT net (Tim Newsham)

Subject: gnuwin32 in a multi-user environment

9 Nov 1997 14:02:51 -0800 :

Message-ID: <m0xUehW-0010xzC.cygnus.gnu-win32@malasada.lava.net>

Mime-Version: 1.0

To: gnu-win32 AT cygnus DOT com

Just thought I'd bring this up since I believe most people are
ignorant of this fact:

Cygwin32 is not secure in a multi-user environment.  For
example if you have a long running daemon such as "inetd"
running as admin while ordinary users are logged in, or if
you have a user logged in remotely while another user is logged
into the console.  One cygwin client can trick another into
running code for it.  In this way one user may gain the
priveledge of another cygwin program running on the machine.
This is because cygwin has shared state that is accessible by 
all processes.

                                      Tim N.
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request AT cygnus DOT com" with one line of text: "help".

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

From:	newsham AT lava DOT net (Tim Newsham)
Subject:	gnuwin32 in a multi-user environment
9 Nov 1997 14:02:51 -0800 :
Message-ID:	<m0xUehW-0010xzC.cygnus.gnu-win32@malasada.lava.net>
Mime-Version:	1.0
To:	gnu-win32 AT cygnus DOT com