Mailing-List:	contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-developers-subscribe AT sources DOT redhat DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin-developers/>
List-Post:	<mailto:cygwin-developers AT sources DOT redhat DOT com>
List-Help:	<mailto:cygwin-developers-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-developers-owner AT sources DOT redhat DOT com
Delivered-To:	mailing list cygwin-developers AT sources DOT redhat DOT com
Date:	Thu, 29 Mar 2001 11:12:32 +0400
From:	Egor Duda <deo AT logos-m DOT ru>
X-Mailer:	The Bat! (v1.45) Personal
Reply-To:	egor duda <cygwin-developers AT cygwin DOT com>
Organization:	DEO
X-Priority:	3 (Normal)
Message-ID:	<3881491588.20010329111232@logos-m.ru>
To:	"Robert Collins" <robert DOT collins AT itdomain DOT com DOT au>
CC:	cygwin-developers AT cygwin DOT com
Subject:	Re: security hole in tty handling code
In-reply-To:	<00c001c0b7ce$260631a0$0200a8c0@lifelesswks>
References:	<4531563555 DOT 20010328212023 AT logos-m DOT ru>
	<00c001c0b7ce$260631a0$0200a8c0 AT lifelesswks>
Mime-Version:	1.0

Hi!

Thursday, 29 March, 2001 Robert Collins robert DOT collins AT itdomain DOT com DOT au wrote:

RC> Why not just set the permissions and let the client calls fail if they
RC> aren't from the same user?

because this will break applications that change user context, such as
sshd.

RC> I've heard that
RC> "server" based solutions like you've put toghether usually fail in
RC> terminal server environments...

do you have any evidence? anywaym, i think it's probably easy to test.

Egor.            mailto:deo AT logos-m DOT ru ICQ 5165414 FidoNet 2:5020/496.19

- Raw text -