Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Tue, 21 Sep 2004 13:30:00 -0400 (EDT) From: Igor Pechtchanski Reply-To: cygwin AT cygwin DOT com To: "Koskie, Sarah" cc: cygwin AT cygwin DOT com Subject: RE: security and cygwin In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Scanned-By: MIMEDefang 2.39 On Tue, 21 Sep 2004, Koskie, Sarah wrote: > Actually, Reini, I didn't say that I didn't know what a daemon was, I > said that I didn't know how to find out which ones were running (without > additional research, which, has thus far been fruitless). If I type ps > -fA on my linux box at home, I get a list of all the running processes, > even when I am not logged in as root. When I type ps -fA in cygwin, I > do not get a complete list -- just my shell and the ps command. Not true. Cygwin's "ps" doesn't even understand the "-A" flag. Did you mean the "-a" flag (lowercase, same as "-e")? That should show all the processes that run with the same Cygwin1.dll as the "ps" program (which should be all Cygwin processes for most people). If you don't see any processes owned by SYSTEM, you're not running any daemons. If you want to see Windows processes as well, use the "-W" (uppercase) flag. > Of course this brings up the question of who, exactly is root under > cygwin, but a check of /etc/passwd seems to indicate that there isn't > one. I gather that if SYSTEM or Administrators wanted to take on the > role, they'd be able to do it. Any user is able to see all of the Cygwin processes, independent of which user they run as. > As far as I can see from what you wrote, the real issue is that windows > is unsafe. I don't use Explorer, and if there is an intruder on my > machine, I already have a problem, independent of what they can do using > cygwin services. The question is whether someone can use cygwin to > intrude. Cygwin services (daemons) are usually as safe as the equivalent versions of their Linux counterparts. If you're interested, see advisory sites for known vulnerabilities. Cygwin maintainers are usually very good at keeping up-to-date with the vulnerability patches for most services (apache notwithstanding). > I guess I don't see why anyone would install cygwin rather than linux > unless they were stuck in a networked windows environment as I am, so I > would assume that it would be designed to work reasonably in such an > environment. Only I and computer services have accounts on the machine. > I have to trust computer services, and if they screw up, they can't > blame me, so the only issue here is what I personally have to do to make > sure I do not introduce extra security risks into the system. (Wish the > documentation addressed XP Pro rather than just NT.) There shouldn't be much difference between XP Pro and NT in terms of the Windows security interface that Cygwin uses. Hope this answers your question. > > -----Original Message----- > > From: Reini Urban [mailto:rurbanx-rayat] Oh, and . Thanks. Igor -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_ pechtcha AT cs DOT nyu DOT edu ZZZzz /,`.-'`' -. ;-;;,_ igor AT watson DOT ibm DOT com |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D. '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! "Happiness lies in being privileged to work hard for long hours in doing whatever you think is worth doing." -- Dr. Jubal Harshaw -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/