From: jim DOT a DOT davidson AT bt DOT com
To: cygwin AT cygwin DOT com
Subject: RE: cygwin1.dll
Date: Mon, 27 Jan 2003 16:36:10 -0000

Igor,

Thanks for this info. The only Cygwin executables being installed will be those to support OpenSSH on that machine, e.g. ssh-keygen, scp, sftp etc. I still do not have a clear understanding of how a user could "hijack" a cygwin process running as system account, effectively bypassing system security. Any info. would be most appreciated.

Thanks.

Best Regards
Jim
_______________________________________________
BTcd Computing Partners
Intelligent Systems Management

-----Original Message-----
From: Igor Pechtchanski [mailto:pechtcha AT cs DOT nyu DOT edu]
Sent: 24 January 2003 16:36
To: Davidson,JA,Jim,YES82 R
Cc: cygwin AT cygwin DOT com
Subject: Re: cygwin1.dll

On Fri, 24 Jan 2003 jim DOT a DOT davidson AT bt DOT com wrote:

> Sirs,
> We are proposing to use the Red Hat OpenSSH package on our NT/W2K servers
> but some concerns have been raised re. the Cygwin1.dll shared memory
> vulnerability.
> As the only Cygwin application running on these machines will be OpenSSH I
> am not sure how significant a risk may exist.
> Can you please explain how this vulnerability could be exploited so that we
> can determine what if any counter measures we could deploy.
> Thanks.

Jim,

I'd like to correct one misconception in your message. You said that OpenSSH (I assume you mean sshd) will be "the only Cygwin application running on these machines". However, any time a user logs on, sshd will spawn a shell, and that will spawn whatever other applications the user runs. Some of them will most certainly be Cygwin applications.

Igor

--
http://cs.nyu.edu/~pechtcha/
pechtcha AT cs DOT nyu DOT edu
igor AT watson DOT ibm DOT com
Igor Pechtchanski, a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!

Oh, boy, virtual memory! Now I'm gonna make myself a really *big* RAMdisk!
-- /usr/games/fortune

--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
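Igor's point is that sshd is not the only Cygwin process on the box: each login produces a shell and whatever the user runs from it, all sharing cygwin1.dll with the SYSTEM-owned sshd. The check below is an added example, not code from the thread or from the Cygwin project. It lists every process that has cygwin1.dll loaded together with its owning account and parent PID, so an administrator can see the real Cygwin process population on a host. It assumes a modern Windows system with PowerShell 5.1 or later and CIM available, and an elevated session (without elevation the module lists of other users' processes, including SYSTEM-owned sshd, cannot be read, and those processes are reported as warnings rather than silently omitted).

```powershell
# Added example; not part of the mailing-list thread above. Lists every process
# on the host that has cygwin1.dll loaded, with its owning account and parent
# PID. Assumptions: PowerShell 5.1+, CIM available, run from an elevated session.
$ErrorActionPreference = 'Stop'   # make property-access failures catchable

# Build a PID -> (owner, parent PID) map from Win32_Process once, up front.
$info = @{}
foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    $o = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    $owner = if ($o.ReturnValue -eq 0) { "$($o.Domain)\$($o.User)" } else { '<unknown>' }
    $info[[int]$p.ProcessId] = @{ Owner = $owner; ParentPid = [int]$p.ParentProcessId }
}

$cygwinProcs = foreach ($proc in Get-Process) {
    try {
        $mods = $proc.Modules
    } catch {
        # Access denied (other user's process, protected process, or not elevated):
        # surface the gap instead of assuming the process is not a Cygwin one.
        Write-Warning ("Cannot read modules of PID {0} ({1}); run elevated" -f $proc.Id, $proc.ProcessName)
        continue
    }
    if ($mods | Where-Object { $_.ModuleName -ieq 'cygwin1.dll' }) {
        $meta = $info[[int]$proc.Id]
        [pscustomobject]@{
            Pid       = $proc.Id
            Name      = $proc.ProcessName
            Owner     = if ($meta) { $meta.Owner } else { '<unknown>' }
            ParentPid = if ($meta) { $meta.ParentPid } else { $null }
            Path      = $proc.Path
        }
    }
}

# Grouping by owner and parent makes the sshd -> shell -> tool chains visible:
# user-owned rows whose ParentPid is a SYSTEM-owned sshd are the spawned sessions.
$cygwinProcs | Sort-Object Owner, ParentPid, Pid | Format-Table -AutoSize
```

Run it while at least one user is logged in over ssh and compare the rows against the assumption "only sshd is a Cygwin application": the output should show the SYSTEM-owned sshd plus user-owned shells and tools that descend from it, which is the population Igor describes. The script only inventories processes; it says nothing about whether or how the shared-memory issue discussed in the thread can be exploited.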