Mail Archives: cygwin/2007/09/20/11:23:49

X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Thu, 20 Sep 2007 11:23:17 -0400 (EDT)
From: Igor Peshansky <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
Subject: Re: Is there someone offering cygwin paid support?
In-Reply-To: <20070920145956.GA743@trixie.casa.cgf.cx>
Message-ID: <Pine.GSO.4.63.0709201122230.2847@access1.cims.nyu.edu>
References: <e2712e1d0709140741n37326b85x8e9ef9a573f77a79 AT mail DOT gmail DOT com> <2D9E96311DCA4C48BF185EA6928BC7BB026A1822 AT asc-mail DOT int DOT ascribe DOT com> <e2712e1d0709170939m61231a41k665ba93e151495bd AT mail DOT gmail DOT com> <fcmgrl$m5s$1 AT sea DOT gmane DOT org> <e2712e1d0709171249l856e9b1wd20369091011e723 AT mail DOT gmail DOT com> <fcn658$vkl$1 AT sea DOT gmane DOT org> <20070918155829 DOT 1648 AT blackhawk> <20070918151831 DOT GA27067 AT trixie DOT casa DOT cgf DOT cx> <slrnff0nrp DOT og DOT oudeis AT isis DOT thalatta DOT eme> <46F238A7 DOT 9090807 AT etr-usa DOT com> <20070920145956 DOT GA743 AT trixie DOT casa DOT cgf DOT cx>
MIME-Version: 1.0
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Thu, 20 Sep 2007, Christopher Faylor wrote:

> On Thu, Sep 20, 2007 at 03:08:55AM -0600, Warren Young wrote:
> >Will Parsons wrote:
> >>why would cygwin be less secure?
> >
> >The more moving parts, the more things there are to break.
> >
> >Postulate that you have a program that's been audited to the point that
> >you're absolutely certain it's 100% secure when run on Linux.
> >
> >Then you port it to Cygwin.  Is it secure?  The answer cannot be "Yes"
> >until you have also audited Cygwin itself to the same level of
> >assurance.
> >
> >Just one way it could fail is if there is a buffer overflow in the
> >implementation of one of Cygwin's interfaces, and your "100% secure"
> >program calls it.  It's then only a matter of time for a skilled hacker
> >to turn that buffer overflow into an arbitrary code execution
> >vulnerability.  At minimum, the hacker will then have the privileges of
> >the program.  Once the hacker has local access, chances are good that
> >he can parlay that into a privilege escalation attack, and it's Game
> >Over for you.
> >
> >Security is hard.
>
> I don't think I've given out a gold star for a clear explanation in a
> long time but can we get one over here?

Certainly: <http://cygwin.com/goldstars/#WY>.
	Igor
P.S. I also owe quite a few to folks on the cygwin-apps list...
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	    pechtcha AT cs DOT nyu DOT edu | igor AT watson DOT ibm DOT com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

Belief can be manipulated.  Only knowledge is dangerous.  -- Frank Herbert

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
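The failure mode Warren describes in the quoted paragraph, as an added example that is not part of the thread and is not Cygwin's own code: a hypothetical compatibility-layer routine (`layer_translate_unchecked`, with an assumed 32-byte internal scratch buffer) copies the caller's path without a bound, while the hardened form (`layer_translate_checked`) refuses anything that does not fit. The application code (`app_open_config`, also hypothetical) is written correctly in both cases and cannot see the layer's internal limit, which is exactly the part of the system the "100% secure" audit never covered.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size of the internal scratch buffer of a hypothetical compatibility
 * layer (a stand-in for a Cygwin-style interface); kept small so the
 * limit can be reached with short, constructed test inputs. */
#define LAYER_SCRATCH 32

/* Hypothetical layer routine, unchecked form. It rewrites a POSIX path
 * ("/a/b") into a backslash form ("\a\b") via a fixed internal buffer.
 * The caller passes a perfectly valid string; the missing length test is
 * entirely inside the layer. Calling this with a path of LAYER_SCRATCH
 * bytes or more is undefined behaviour, so this file never does. */
int layer_translate_unchecked(const char *posix_path, char *out, size_t outlen)
{
    char scratch[LAYER_SCRATCH];
    strcpy(scratch, posix_path);               /* no bound against scratch */
    for (char *p = scratch; *p; p++)
        if (*p == '/') *p = '\\';
    if (strlen(scratch) + 1 > outlen) { errno = ERANGE; return -1; }
    strcpy(out, scratch);
    return 0;
}

/* Hardened form of the same interface: every copy is bounded by the
 * buffer it writes to, and an input that does not fit is refused with
 * ENAMETOOLONG before anything is written. The caller's code is identical
 * in both cases; only the layer's level of assurance differs. */
int layer_translate_checked(const char *posix_path, char *out, size_t outlen)
{
    char scratch[LAYER_SCRATCH];
    size_t n = strlen(posix_path);
    if (n >= sizeof scratch) { errno = ENAMETOOLONG; return -1; }
    if (n >= outlen)         { errno = ERANGE;       return -1; }
    memcpy(scratch, posix_path, n + 1);
    for (char *p = scratch; *p; p++)
        if (*p == '/') *p = '\\';
    memcpy(out, scratch, n + 1);
    return 0;
}

/* The "audited" application code: it validates its own arguments and
 * uses the layer exactly as documented. It has no way to know the
 * layer's internal LAYER_SCRATCH limit, which is the audit gap the
 * quoted post describes. */
int app_open_config(const char *path, char *resolved, size_t resolvedlen,
                    int (*translate)(const char *, char *, size_t))
{
    if (path == NULL || resolved == NULL || resolvedlen == 0) {
        errno = EINVAL;
        return -1;
    }
    resolved[0] = '\0';
    return translate(path, resolved, resolvedlen);
}

int main(void)
{
    char buf[64];
    /* Constructed sample inputs: one that fits, and one 40 bytes long
     * that exceeds the 32-byte scratch buffer inside the layer. */
    const char *ok = "/etc/app.conf";
    const char *long_path = "/very/long/directory/name/app.conf!!!!!!";

    if (app_open_config(ok, buf, sizeof buf, layer_translate_checked) == 0)
        printf("checked  : %s\n", buf);
    if (app_open_config(long_path, buf, sizeof buf, layer_translate_checked) != 0)
        printf("checked  : refused, errno=%d (ENAMETOOLONG=%d)\n",
               errno, ENAMETOOLONG);
    if (app_open_config(ok, buf, sizeof buf, layer_translate_unchecked) == 0)
        printf("unchecked: %s (same input, same output)\n", buf);
    return 0;
}
```

The point of the contrast is that the unchecked and checked layers are indistinguishable to the application for every input that fits: the application's tests all pass against either one, so porting a correct program onto the unchecked layer silently extends its trusted computing base to code nobody audited.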
