Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
From: "Brian Kelly" <brian DOT m DOT kelly AT verizon DOT net>
To: "'Dennis Russo'" <denrusso AT yahoo DOT com>, <cygwin AT cygwin DOT com>
Subject: RE: Windows Security Hole??
Date: Wed, 16 Jul 2003 21:42:04 -0400
Message-ID: <007101c34c04$a07d4410$6700a8c0@maxstars8g31h2>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <20030717005338.23521.qmail@web12307.mail.yahoo.com>
Importance: Normal
X-Authentication-Info: Submitted using SMTP AUTH at pop016.verizon.net from [141.153.196.11] at Wed, 16 Jul 2003 20:42:00 -0500

I work in a large corporation with an obsessive security staff. Cygwin
is
now "accepted" (unofficially) through the "grease gun" method. In WWII
one Nazi gunmaker was developing the world's first assault weapon.
Hitler
was informed of the effort - deemed it a waste of resources and ordered
the
project cancelled. A procurement general recognized the need for the
weapon,
and quietly "forgot" to cancel the program. A year or so later, the
weapon
was produced and distributed to German soldiers on the Eastern front.
One
day Hitler met briefly with some field commanders from the Eastern front
and
asked if they needed anything. "We need more of these new guns!"

....  What new guns? Was Hitler's reply ....

Defying Hitler was NOT a good career move for anyone! So what do you
think
happened to the general who "forgot" to cancel the weapon program?????

HE WAS COMMENDED!!!

Oh but what a risk he took indeed.

I took a similar risk where I work. Living by the philosophy that I can
do
anything until threatened with termination in a face to face meeting
(Boiler
plate threats in corporate mass e-mails are delete key fodder), I went
ahead
and used Cygwin and Perl to build an incredibly powerful automated
deployment and automated encrypted B2B communications infrastructure.
The
alternative is expenditure in the hundreds of thousands of dollars for
third
party software, licenses, consultants etc, etc. By the time I was
"outed",
management was faced with a cruel dilemma - live by their own rules and
spend money they never budgeted for projects they never fully grasped
nor
understood, or accept the "unacceptable" - production processes running
on
non-proprietary "open source" software. OH THE HORROR!!!

The result - I WAS COMMENDED.

The point is Windows ITSELF is a SECURITY HOLE. You'd hardly do worse
running cygwin on it if you have any kind of security consciousness and
use
good practices and policies. Your problem is, you were probably caught
"too early" before you could do something truly valuable and impressive
with it that would be VERY expensive to replace.

Everything in life is a cost-benefit analysis. Sell a benefit, or impose
a cost, and you will succeed in your agenda more often than not.
Unfortunately, the bigger the organization, the more SIGNIFCANT the cost
or benefit has to be to succeed in successfully creating change. Running
emacs is probably not "significant" enough - unfortunately.


-----Original Message-----
From: cygwin-owner AT cygwin DOT com [mailto:cygwin-owner AT cygwin DOT com] On Behalf
Of Dennis Russo
Sent: Wednesday, July 16, 2003 8:54 PM
To: cygwin AT cygwin DOT com
Subject: Windows Security Hole??

Greetings all-
   I work for a corporation that is completly incased with windows.  I
currently have Win2K installed on my pc along with cygwin.  My security
dept became aware of this and now has asked me to remove cygwin because
it represents a security breetch to the organization.  Does running
cygwin open any security 'holes' in a Win2K networked environment??  My
thinking in this matter is that any information that I send while in
cygwin would get 'encapsulated' and passed to Windows to determine what
to do with it.  Therefore, any security setting (GPOs, etc) are still
enforced.  I'm really only using it to run my perl scripts and have
access to emacs.

  Any help or insight into this matter would be greatly appreciated... 




cheers,
dr


__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/