Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Subject: Re: Security Issue with Cygwin From: Robert Collins To: Lambeth Darwin Cc: cygwin AT cygwin DOT com, dlambeth AT starmountain DOT com In-Reply-To: <5D031EBC03123A4AB69FDC7FD99ACCFC13BF@exchange.darwinsdomain.com> References: <5D031EBC03123A4AB69FDC7FD99ACCFC13BF AT exchange DOT darwinsdomain DOT com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-YP6tNHyL1UWZ0c4h8e8S" Organization: Message-Id: <1043283379.1008.12.camel@lifelesslap> Mime-Version: 1.0 Date: 23 Jan 2003 11:56:19 +1100 --=-YP6tNHyL1UWZ0c4h8e8S Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Thu, 2003-01-23 at 11:48, Lambeth Darwin wrote: > To whom it may concern; >=20 > Not sure if you know this or not, but the default configuration with Cygw= in allows any user to change to any directory on a W2K box and delete whate= ver files they want. I have installed it with the current default instructi= ons and was able to logon as a regular domain user and cd to c: and delete = or add files. That is a major issue. Let me know if there is something I mi= ssed. Thats the Microsoft default install that grants those permissions. Cygwin doesn't affect permissions outside of the cygwin directory tree. Rob --=20 GPG key available at: . --=-YP6tNHyL1UWZ0c4h8e8S Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQA+Lz2yI5+kQ8LJcoIRAslzAKCVHqa8g6SYf85Wi+GD3k+Ay4E7RACgkcLZ JrVUMwaBiSaLUa2Lrt6tpDw= =ThAu -----END PGP SIGNATURE----- --=-YP6tNHyL1UWZ0c4h8e8S--