Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
To: cygwin@cygwin.com
Path: not-for-mail
From: Shankar Unni <shankar@cotagesoft.com>
Newsgroups: gmane.os.cygwin
Subject: Re: DoD Security Clearance for cygwin? (OT)
Date: Thu, 22 Aug 2002 11:06:29 -0700
Lines: 22
Message-ID: <3D652825.8070401@cotagesoft.com>
References: <30C9E24891FFD411B68A009027724CB702C04D4C@eg-002-015.eglin.af.mil> <20020822021226.GB14384@inetix.com.au>
NNTP-Posting-Host: adsl-63-193-31-178.dsl.snfc21.pacbell.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Date: Thu, 22 Aug 2002 18:06:55 +0000 (UTC)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0rc2) Gecko/20020618 Netscape/7.0b1

Graeme Merrall wrote:
> On Wed, Aug 21, 2002 at 11:06:14AM -0500, Keen Wayne A Contr AFRL/MNGG wrote:
> 
>>Cygwin is not used (at least in this office and lab) in an environment in
>>which its security (or lack thereof) is an issue.
>>
>>Thats about all I can say and be secure.

> As a non-US, non-military exposed individual I love this security stuff.

As an aside to an OT aside, the question is important. If you have a 
host OS that has, say, a B1 certification (which I doubt Windows has, 
even disconnected from the Net :-), you don't want to run a system or 
application on it that could theoretically allow you to bypass those 
access checks (say, due to a bug in the authentication and authorization 
code).

I wonder if anyone is sufficiently motivated to perform such a thorough 
security review of the entire Cygwin platform.
--
Shankar.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/