X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Message-ID: <46F238A7.9090807@etr-usa.com>
Date: Thu, 20 Sep 2007 03:08:55 -0600
From: Warren Young <warren AT etr-usa DOT com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Cygwin-L <cygwin AT cygwin DOT com>
Subject: Re: Is there someone offering cygwin paid support?
References: <e2712e1d0709140741n37326b85x8e9ef9a573f77a79 AT mail DOT gmail DOT com> <2D9E96311DCA4C48BF185EA6928BC7BB026A1822 AT asc-mail DOT int DOT ascribe DOT com> <e2712e1d0709170939m61231a41k665ba93e151495bd AT mail DOT gmail DOT com> <fcmgrl$m5s$1 AT sea DOT gmane DOT org> <e2712e1d0709171249l856e9b1wd20369091011e723 AT mail DOT gmail DOT com> <fcn658$vkl$1 AT sea DOT gmane DOT org> <20070918155829 DOT 1648 AT blackhawk> <20070918151831 DOT GA27067 AT trixie DOT casa DOT cgf DOT cx> <slrnff0nrp DOT og DOT oudeis AT isis DOT thalatta DOT eme>
In-Reply-To: <slrnff0nrp.og.oudeis@isis.thalatta.eme>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Will Parsons wrote:
> why would cygwin be less secure?

The more moving parts, the more things there are to break.

Postulate that you have a program that's been audited to the point that 
you're absolutely certain it's 100% secure when run on Linux.

Then you port it to Cygwin.  Is it secure?  The answer cannot be "Yes" 
until you have also audited Cygwin itself to the same level of assurance.

Just one way it could fail is if there is a buffer overflow in the 
implementation of one of Cygwin's interfaces, and your "100% secure" 
program calls it.  It's then only a matter of time for a skilled hacker 
to turn that buffer overflow into an arbitrary code execution 
vulnerability.  At minimum, the hacker will then have the privileges of 
the program.  Once the hacker has local access, chances are good that he 
can parlay that into a privilege escalation attack, and it's Game Over 
for you.

Security is hard.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/