Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Date: Tue, 22 Jan 2002 11:13:50 +0100 From: Corinna Vinschen To: cygwin Subject: Re: security with the ftp daemon Message-ID: <20020122111350.F23034@cygbert.vinschen.de> Mail-Followup-To: cygwin References: <002c01c1a23f$ac0f2e80$2801a8c0@DCUTHBERT2K> <20020121103959.G11608@cygbert.vinschen.de> <001301c1a2e2$a2b82410$2801a8c0@DCUTHBERT2K> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <001301c1a2e2$a2b82410$2801a8c0@DCUTHBERT2K> User-Agent: Mutt/1.3.22.1i On Tue, Jan 22, 2002 at 10:18:01AM +0900, Dylan Cuthbert wrote: > Thanks, you were right, I regenerated the groups file and it returned to > being secure again - it seems a bit dangerous to default to admins group, > maybe better if it defaults to guest or something along those lines? Security wasn't one of the design goals of Cygwin originally. The reason for using admin as fallback was to ensure that applications still run even if some settings are broken. That's obviously not the problem when explicitely switching user context. See http://cygwin.com/ml/cygwin/2002-01/msg01190.html for a current discussion of related problems. I'm going to switch over to no default at all. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin@cygwin.com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/