Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Date: Wed, 8 Aug 2001 19:07:43 +0400
From: egor duda <deo AT logos-m DOT ru>
X-Mailer: The Bat! (v1.53 RC/4)
Reply-To: egor duda <cygwin AT cygwin DOT com>
Organization: deo
X-Priority: 3 (Normal)
Message-ID: <2692978656.20010808190743@logos-m.ru>
To: joshua DOT newton AT dfs DOT com
CC: cygwin AT cygwin DOT com
Subject: Re: Silly question about OpenSSH and Cygwin
In-Reply-To: <88256AA2.00500311.00@us-sfo-hub01.dfs>
References: <88256AA2 DOT 00500311 DOT 00 AT us-sfo-hub01 DOT dfs>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi!

Wednesday, 08 August, 2001 joshua DOT newton AT dfs DOT com joshua DOT newton AT dfs DOT com wrote:

jndc> I'm going to cross my fingers and hope this question hasn't been asked before.

jndc> Is Cygwin still inherently insecure on a multiuser system, or is this a FAQ
jndc> entry that hasn't been revised in a while?

yes. it's still insecure. i don't know any ways to exploit cygwin
remotely, but doing so locally is rather easy. see thread
http://sources.redhat.com/ml/cygwin-developers/2001-04/msg00073.html
if you want details.

making cygwin secure requires architectural changes and adding special
"cygwin daemon" which will take care of inter-process security stuff.
there's a prototype of such daemon posted in
http://sources.redhat.com/ml/cygwin-patches/2001-q1/msg00260.html, but
i have to admit it's a bit "unpractical", i.e. its interface is not
very flexible. it works for me for several months now, though.

and i should stress out that it's _only_one_ of known security holes
in cygwin.

jndc> If it's still correct, is there any way to lock it down, or
jndc> protect Cygwin from non-admin users? The new system I was
jndc> prototyping relies on sshd running on all the  workstations. I
jndc> see lots of other folks using OpenSSH on Cygwin for a variety of
jndc> things, so I'm going to guess  that I missed something.

they probably don't care much ( not being paranoid :) ), or they can
trust users that logon locally on machines with sshd.

jndc> But -- we're working in a reasonably security-conscious environment, and the
jndc> last thing I want to do is explain myself to an audit team when
jndc> they find out I deployed new code that's hackable by anyone
jndc> logged into the workstations locally.

then you can help us with audit of cygwin's security! :) i believe any
potential security hole in cygwin should and _can_ be fixed, but
1) we must know about this particular hole.
2) it may take time and certain amount of efforts to fix it.

Egor.            mailto:deo AT logos-m DOT ru ICQ 5165414 FidoNet 2:5020/496.19


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/