Mail Archives: cygwin/1997/11/24/01:42:45

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/1997/11/24/01:42:45

From: noer AT cygnus DOT com (Geoffrey Noer)

Subject: Re: Thread-safeness in cygwin32

24 Nov 1997 01:42:45 -0800 :

Message-ID: <199711232322.PAA15098.cygnus.gnu-win32@rtl.cygnus.com>

References: <34759B87 DOT 29AA39B8 AT redes DOT int DOT com DOT mx>

To: mka AT redes DOT int DOT com DOT mx (Michael Anderson)

Cc: noer AT cygnus DOT com, gnu-win32 AT cygnus DOT com

> Can one process corrupt another
> through the common use of cygwin.dll or otherwise?

Yes.  Needless to say, this is highly undesirable.

I'll repeat something from the list that will be included in the
b19 FAQ:

Cygwin32 is not secure in a multi-user environment.  For
example if you have a long running daemon such as "inetd"
running as admin while ordinary users are logged in, or if
you have a user logged in remotely while another user is logged
into the console.  One cygwin client can trick another into
running code for it.  In this way one user may gain the
priveledge of another cygwin program running on the machine.
This is because cygwin has shared state that is accessible by
all processes.

(thanks to Tim Newsham (newsham@@lava.net) for this explanation)

-- 
Geoffrey Noer
noer AT cygnus DOT com
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request AT cygnus DOT com" with one line of text: "help".

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

From:	noer AT cygnus DOT com (Geoffrey Noer)
Subject:	Re: Thread-safeness in cygwin32
24 Nov 1997 01:42:45 -0800 :
Message-ID:	<199711232322.PAA15098.cygnus.gnu-win32@rtl.cygnus.com>
References:	<34759B87 DOT 29AA39B8 AT redes DOT int DOT com DOT mx>
To:	mka AT redes DOT int DOT com DOT mx (Michael Anderson)
Cc:	noer AT cygnus DOT com, gnu-win32 AT cygnus DOT com