delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin-developers/1998/06/14/22:43:25

From: noer AT cygnus DOT com (Geoffrey Noer)
Subject: Is this correct?
14 Jun 1998 22:43:25 -0700 :
Message-ID: <19980615051556.A21211.cygnus.cygwin32.developers@cygnus.com>
Mime-Version: 1.0
To: cygwin32-developers AT cygnus DOT com

Does the following paragraph look correct?
-- 
Geoffrey Noer
noer AT cygnus DOT com

-----------------------------

It is important that we discuss the implications of our "kernel" using
shared memory areas to store information about Cygwin32 processes.
Because these areas are not yet protected in any way, in principle a
malicious user could modify them to cause unexpected behavior in
Cygwin32 processes.  While this is not a new problem under Windows
95/98 (because of the lack of operating system security), it does
constitute a security hole in Windows NT.  This is because one user
could affect the Cygwin32 programs run by another user by changing the
shared memory information in ways that they could not in a vanilla
WinNT program.  For this reason, it is not appropriate to use Cygwin32
in high-security applications.  In practice, this will not be a major
problem for most uses of the library.

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019