| delorie.com/archives/browse.cgi | search |
Will Parsons wrote: > I'm curious about this. I think I recall from years ago a response to an > enquiry about cygwin security that was basically along the lines that cygwin > is as secure as the underlying Windows system. That made sense to me - why > would cygwin be less secure? Fundamentally, yes, Cygwin is just a normal user mode library so at the end of the day all the security restrictions of the operating system still apply. But consider what happens if you compile POSIX code that uses e.g. chroot(). There is no such syscall on Windows, so Cygwin emulates it. But since Cygwin is not part of the operating system, it can't actually prevent the program from accessing something outside of the new root, say by directly calling the Win32 API or using a Win32 filename. A server daemon for example that ran in a chroot jail would represent a valid security technique on Linux -- this would work as well on paper in Cygwin but it would represent a false sense of security because it's not actually going to prevent much. Brian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |