Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <004301c2c27a$be33f530$78d96f83@pomello>
From: "Max Bowsher" <maxb AT ukf DOT net>
To: "Lambeth Darwin" <dlambeth AT darwinsdomain DOT com>, <cygwin AT cygwin DOT com>
Cc: <dlambeth AT starmountain DOT com>
References: <5D031EBC03123A4AB69FDC7FD99ACCFC13BF AT exchange DOT darwinsdomain DOT com>
Subject: Re: Security Issue with Cygwin
Date: Thu, 23 Jan 2003 00:59:54 -0000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

Lambeth Darwin wrote:
> To whom it may concern;
>
> Not sure if you know this or not, but the default configuration with
> Cygwin allows any user to change to any directory on a W2K box and
> delete whatever files they want. I have installed it with the current
> default instructions and was able to logon as a regular domain user
> and cd to c: and delete or add files. That is a major issue. Let me
> know if there is something I missed.

Sounds like C: has excessively relaxed permissions, and you coincidentally
noticed after you had installed Cygwin.

You should be able to exactly the same from a cmd.exe shell.


Max.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/