Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sourceware DOT cygnus DOT com>
List-Archive: <http://sourceware.cygnus.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sourceware DOT cygnus DOT com>
List-Help: <mailto:cygwin-help AT sourceware DOT cygnus DOT com>, <http://sourceware.cygnus.com/ml/#faqs>
Sender: cygwin-owner AT sourceware DOT cygnus DOT com
Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com
Date: Fri, 28 Apr 2000 19:10:34 -0400
From: Braddock Gaskill <braddock AT braddock DOT com>
To: cygwin AT sourceware DOT cygnus DOT com
Subject: Compliments, and Security
Message-ID: <20000428191034.A4856@braddock.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i

First off, I really wanted to compliment you guys on some excellent
progress the past few months.  I did an install in January, and then
an install of the latest this week, and the new system just seems FAR
more rebustly setup, and the X work is just coming along incredibly.
I will be very surprised if GNOME isn't running smoothly under Win2k
by the end of the year thanks to this foundation.  

My one real..uh..feedback is that the new ftp directory layout makes
it very difficult to download just the binary packages, or to even
know what version you're downloading.  And damn, that old
self-extracting GUI setup that you had in January sure made things
feel simpler.  Still, once installed, the configuration seems much
cleaner.  It'd be nice if the "mount v2" registry info was placed in
the HK_Local_Machine instead of the Current_User if the install is
done as Administrator...took me a while to get the hang of the `cd
/;bin/umount /;bin/mount -s -b //d/blahblah /` so things worked in
user accounts.

Now I want to install CygWin on all the lab machines I administer.  My
question is security.  Can CygWin be easilly exploited by a User to
gain Administrator access to the machine?  I understand there are
security problems associated with the shared-memory technique CygWin
uses, but am I relatively safe as long as no Cygwin processes are
being run in the background as Administrator?  I'm not a guru on the
Windows Security model (or anything with an MS logo on it for that
matter).

	Thanks for the terrific work!
		-Braddock

-- 
JHU ECE Dept System & Network Administrator
Long-term copyrights: Keeping all the knowledge from all the world's people.


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com