Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
From: joetesta AT hushmail DOT com
Message-Id: <200105212315.QAA30455@user7.hushmail.com>
Content-type: multipart/mixed; boundary="Hushpart_boundary_rILQaFWfpqBdmsJuwIZGrqhqhewWpOtB"
Subject: The security of OpenSSH with cygwin.
Mime-version: 1.0
To: bugtraq AT securityfocus DOT com, cygwin AT cygwin DOT com
Date: Mon, 21 May 2001 19:09:41 -0800 (PDT)

--Hushpart_boundary_rILQaFWfpqBdmsJuwIZGrqhqhewWpOtB
Content-type: text/plain

----- Begin Hush Signed Message from joetesta AT hushmail DOT com -----

Hi --

    I am about to undertake a project using OpenSSH with cygwin (http://www.cygwin.com/). 
 Before doing so, I would like to ask if there is anyone who has done any 
security research on this combination already.
    I have never seen any advisories on the BUGTRAQ mailing list, and this 
makes me a little uneasy (generally, I don't trust software that hasn't 
had at least one security fix in its history, unless I am its author =] 
).  I have been trained enough to realize that complexity is security's 
enemy, and using the cygwin library to wrap the UNIX API with the Window's 
API definitely makes things more complex.
    So, I'd like to know how many people have *at least tried* to find holes 
in an OpenSSH-cygwin combo.  I think I would feel a little better if I know 
that an honest attempt was made.  Thanks in advance.


    - Joe Testa

e-mail:   joetesta AT hushmail DOT com
web page: http://hogs.rit.edu/~joet
AIM:      LordSpankatron


----- Begin Hush Signature v1.3 -----
Eb5nyu04VZj5/7cmeklvZ79BqUGto/ln3c8Cy4H5R2EsgxhXqTwbDxpszhCGF/+6BrJ/
oYY1nBWSKT97BDy017HHfWt0JBhZy4wfP9VbqmRzFx2QAJr6dVS9VRf9/5DWVM4+7SSX
6vZvBPiygdYujzlDmEIrziP9PGXL8+/fRj98pgGE53uKc9yIcDKmef1Uf1q7z5pPy8O7
PE+IRCtF7jUtr4PTOV935d9499lXvM547MDvvx4394WDskG8prKyYaE9uZKc1wzCA0ob
z7Gvhz4i9jAZIXXJ+m8Z4EU3n9gLpy/gz25grXO7ktH54ZEDdmQ25j3za+bIFCZ3u93w
VbbYxKO6rQOjvPWTatcPHGC6TwBh+JxIEoVlLMVyIbjncamNL4Xd3odpcyd4Ukn6bItU
sUnVLMIV6AaB693fKmrw30nywV6fKtrQbmr6appLvByCzXbS7X2DMrvLeL+dbODTTDSo
eajwTcTPS5LdU8ZeDVs9rLnTC4HFRVFTaUwk1w34DWHN
----- End Hush Signature v1.3 -----


This message has been signed with a Hush Digital Signature. 
To verify the signature, please go to www.hush.com/tools


Free, encrypted, secure Web-based email at www.hushmail.com

--Hushpart_boundary_rILQaFWfpqBdmsJuwIZGrqhqhewWpOtB
Content-Type: text/plain; charset=us-ascii

--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
--Hushpart_boundary_rILQaFWfpqBdmsJuwIZGrqhqhewWpOtB--