Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Mon, 30 Dec 2002 23:34:52 -0500
From: Christopher Faylor <cgf AT redhat DOT com>
To: cygwin AT cygwin DOT com
Cc: Adam DOT Cioccarelli AT ubsw DOT com
Subject: Re: cygwin dll security
Message-ID: <20021231043452.GA26987@redhat.com>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com, Adam DOT Cioccarelli AT ubsw DOT com
References: <601854FE0ACAE44EBE51695AD3D0FA132E75B1 AT NSYDC900PEX1 DOT ubsgs DOT ubsgroup DOT net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <601854FE0ACAE44EBE51695AD3D0FA132E75B1@NSYDC900PEX1.ubsgs.ubsgroup.net>
User-Agent: Mutt/1.5.1i

On Tue, Dec 31, 2002 at 03:26:39PM +1100, Adam DOT Cioccarelli AT ubsw DOT com wrote:
>our company is looking at using Cygwin on our NT/2000 servers.  However
>our security review team has expressed doubts over the fact that Cygwin
>is said to be insecure in a multi user environment.  I was just
>wondering what experienced Cygwin users think about this issue and if
>it is an issue that is likely to be resolved or if there is a work
>around to 'secure' Cygwin in a multi user environment.

Your security review team has every right to be concerned.  Cygwin
should not be used in a secure multiuser environment.  I'd go so far as
to suggest that unless you are interested in growing some kind of
experts in-house in any free software package that you use, you'd be
better off ensuring that whatever you decide upon is fully supported by
a commercial entity.

If you are really interested in security then downloading a package
from a web site for free doesn't seem like the best plan to me unless
you have the expertise to maintain the software yourself.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/