Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Wed, 5 Dec 2001 16:47:44 -0500
From: Christopher Faylor <cgf AT redhat DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Safety of ssh-agent re: fake unix sockets?
Message-ID: <20011205214744.GF17608@redhat.com>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20011204223757 DOT A17439 AT io DOT jtan DOT com> <792981176 DOT 20011205114801 AT logos-m DOT ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <792981176.20011205114801@logos-m.ru>
User-Agent: Mutt/1.3.23.1i

On Wed, Dec 05, 2001 at 11:48:01AM +0300, egor duda wrote:
>I'd like to stress again that cygwin is still insecure and can be
>exploited by users locally logged on, but there's no known remote
>exploits. If anyone knows about the ways to exploit cygwin remotely,
>_please_ report them to cygwin-developers mailing list.

Actually, report them here.  Posting to cygwin-developers is limited to
subscribers only.

I know that this is potentially less secure-through-obscure but I don't
know of any other way to handle this.

cgf

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/