Mail Archives: cygwin/2003/01/24/11:36:54
On Fri, 24 Jan 2003 jim DOT a DOT davidson AT bt DOT com wrote:
> Sirs,
> We are proposing to use the Red Hat OpenSSH package on our NT/W2K servers
> but some concerns
> have been raised re. the Cygwin1.dll shared memory vulnerability.
> As the only Cygwin application running on these machines will be OpenSSH I
> am not sure how
> significant a risk may exist.
> Can you please explain how this vulnerabilty could be exploited so that we
> can determine
> what if any counter measures we could deploy.
> Thanks.
Jim,
I'd like to correct one misconception in your message. You said that
OpenSSH (I assume you mean sshd) will be "the only Cygwin application
running on these machines". However, any time a user logs on, sshd will
spawn a shell, and that will spawn whatever other applications the user
runs. Some of them will most certainly be Cygwin applications.
Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`' -. ;-;;,_ igor AT watson DOT ibm DOT com
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
Oh, boy, virtual memory! Now I'm gonna make myself a really *big* RAMdisk!
-- /usr/games/fortune
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -