Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Date: Mon, 22 Dec 2003 23:57:51 -0500 From: Christopher Faylor To: cygwin@cygwin.com Cc: "Pierre A. Humblet" Subject: Re: Unable to compile cygwin Message-ID: <20031223045751.GB10202@redhat.com> Mail-Followup-To: cygwin@cygwin.com, "Pierre A. Humblet" References: <20031222215956.GB32638@redhat.com> <20031223015333.GA7322@redhat.com> <20031223041300.GA1004023@hpn5170x> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031223041300.GA1004023@hpn5170x> User-Agent: Mutt/1.4.1i X-IsSubscribed: yes Reply-To: cygwin@cygwin.com On Mon, Dec 22, 2003 at 11:13:00PM -0500, Pierre A. Humblet wrote: >I believe that the latest snapshot is "as secure as Windows" in the case >where the only Cygwin processes are logged in using Terminal Services >on Windows 2003 or Windows 2000 sp4, and do not have the "Create Global >Object" privilege (please don't laugh, that's an achievement). >That is, if such a user runs cygwin compiled programs under a cygwin shell, >he is no more exposed and has no more power that if running regular Windows >programs under cmd.exe There are still other holes. However, while I understand that there is no real security in security through obscurity, I don't think it is useful to discuss all of the specific holes we know of in a public list. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/