From: newsham AT lava DOT net (Tim Newsham) Subject: gnuwin32 in a multi-user environment 9 Nov 1997 14:02:51 -0800 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit To: gnu-win32 AT cygnus DOT com Just thought I'd bring this up since I believe most people are ignorant of this fact: Cygwin32 is not secure in a multi-user environment. For example if you have a long running daemon such as "inetd" running as admin while ordinary users are logged in, or if you have a user logged in remotely while another user is logged into the console. One cygwin client can trick another into running code for it. In this way one user may gain the priveledge of another cygwin program running on the machine. This is because cygwin has shared state that is accessible by all processes. Tim N. - For help on using this list (especially unsubscribing), send a message to "gnu-win32-request AT cygnus DOT com" with one line of text: "help".