X-Spam-Check-By: | sourceware.org |
Date: | Fri, 2 Dec 2005 14:03:49 +0100 |
From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
To: | cygwin AT cygwin DOT com |
Subject: | Re: multi user environment security due shared memory |
Message-ID: | <20051202130349.GR2999@calimero.vinschen.de> |
Reply-To: | cygwin AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
References: | <4390418A DOT 4080000 AT adnovum DOT ch> |
Mime-Version: | 1.0 |
In-Reply-To: | <4390418A.4080000@adnovum.ch> |
User-Agent: | Mutt/1.4.2i |
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Unsubscribe: | <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |

On Dec 2 13:43, andrea wrote:
> Hi all,
>
> Our company is looking at some security properties of cygwin. We want to
> run a daemon like sshd in a multi user environment with cygrunsrv.
>
> There was an entry [0] in your FAQ from 2000/09/13 that cygwin is not
> secure in a multi user environment. This entry was replaced this year
> [1], that as of 1.5.13 you are not aware of any feature to gain more
> privileges than you have under Windows. For my understanding is this
> newest FAQ entry in contrast to what you write in your user guide [2]
> about the use of shared memory in your 'kernel'. There you write
> "...it does constitute a security hole...".
>
>
> I was not able to find any recent discussion about this topic on this
> list (there was one in 2002 [3]). Is there some documentation describing
> the shared memory segments accessible by all cygwin users?
>
> What is the current status of the following security threats and how
> would you rate security when running sshd in a multi user environment.
>
> -Code execution in the context of another user
> -Denial of service by overwriting the shared memory segments
>  of cygwin
> -Data disclosure about processes of another user by reading
>  shared memory segments
> -Other security issues

We're not aware of security implications, but we don't give any
guarantee either and there's no such thing as a security survey for
Cygwin. If that's not sufficient for your company, feel free to contact
Red Hat for a support contract which could cover a more detailed
analysis, http://www.redhat.com/software/cygwin/

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/