Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-developers-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin-developers AT sources DOT redhat DOT com Date: Thu, 29 Mar 2001 11:12:32 +0400 From: Egor Duda X-Mailer: The Bat! (v1.45) Personal Reply-To: egor duda Organization: DEO X-Priority: 3 (Normal) Message-ID: <3881491588.20010329111232@logos-m.ru> To: "Robert Collins" CC: cygwin-developers AT cygwin DOT com Subject: Re: security hole in tty handling code In-reply-To: <00c001c0b7ce$260631a0$0200a8c0@lifelesswks> References: <4531563555 DOT 20010328212023 AT logos-m DOT ru> <00c001c0b7ce$260631a0$0200a8c0 AT lifelesswks> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi! Thursday, 29 March, 2001 Robert Collins robert DOT collins AT itdomain DOT com DOT au wrote: RC> Why not just set the permissions and let the client calls fail if they RC> aren't from the same user? because this will break applications that change user context, such as sshd. RC> I've heard that RC> "server" based solutions like you've put toghether usually fail in RC> terminal server environments... do you have any evidence? anywaym, i think it's probably easy to test. Egor. mailto:deo AT logos-m DOT ru ICQ 5165414 FidoNet 2:5020/496.19