Mail Archives: cygwin/2003/12/22/23:58:03

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2003/12/22/23:58:03

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sources.redhat.com/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Date: Mon, 22 Dec 2003 23:57:51 -0500

From: Christopher Faylor <cgf-no-personal-reply-please AT cygwin DOT com>

To: cygwin AT cygwin DOT com

Cc: "Pierre A. Humblet" <pierre DOT humblet AT ieee DOT org>

Subject: Re: Unable to compile cygwin

Message-ID: <20031223045751.GB10202@redhat.com>

Mail-Followup-To: cygwin AT cygwin DOT com, "Pierre A. Humblet" <pierre DOT humblet AT ieee DOT org>

References: <BAY9-F16kERMwSuWPjm00018ce5 AT hotmail DOT com> <20031222215956 DOT GB32638 AT redhat DOT com> <bs7rcu$bcf$1 AT sea DOT gmane DOT org> <20031223015333 DOT GA7322 AT redhat DOT com> <20031223041300 DOT GA1004023 AT hpn5170x>

Mime-Version: 1.0

In-Reply-To: <20031223041300.GA1004023@hpn5170x>

User-Agent: Mutt/1.4.1i

X-IsSubscribed: yes

Reply-To: cygwin AT cygwin DOT com

On Mon, Dec 22, 2003 at 11:13:00PM -0500, Pierre A. Humblet wrote:
>I believe that the latest snapshot is "as secure as Windows" in the case
>where the only Cygwin processes are logged in using Terminal Services
>on Windows 2003 or Windows 2000 sp4, and do not have the "Create Global
>Object" privilege (please don't laugh, that's an achievement).
>That is, if such a user runs cygwin compiled programs under a cygwin shell,
>he is no more exposed and has no more power that if running regular Windows 
>programs under cmd.exe

There are still other holes.

However, while I understand that there is no real security in security
through obscurity, I don't think it is useful to discuss all of the
specific holes we know of in a public list.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Date:	Mon, 22 Dec 2003 23:57:51 -0500
From:	Christopher Faylor <cgf-no-personal-reply-please AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Cc:	"Pierre A. Humblet" <pierre DOT humblet AT ieee DOT org>
Subject:	Re: Unable to compile cygwin
Message-ID:	<20031223045751.GB10202@redhat.com>
Mail-Followup-To:	cygwin AT cygwin DOT com, "Pierre A. Humblet" <pierre DOT humblet AT ieee DOT org>
References:	<BAY9-F16kERMwSuWPjm00018ce5 AT hotmail DOT com> <20031222215956 DOT GB32638 AT redhat DOT com> <bs7rcu$bcf$1 AT sea DOT gmane DOT org> <20031223015333 DOT GA7322 AT redhat DOT com> <20031223041300 DOT GA1004023 AT hpn5170x>
Mime-Version:	1.0
In-Reply-To:	<20031223041300.GA1004023@hpn5170x>
User-Agent:	Mutt/1.4.1i
X-IsSubscribed:	yes
Reply-To:	cygwin AT cygwin DOT com