[prev in list] [next in list] [prev in thread] [next in thread]
List: autoconf
Subject: RE: Pthread Support For Interix
From: Philip Willoughby <pgw99 () doc ! ic ! ac ! uk>
Date: 2002-07-24 13:53:09
Message-ID: Pine.LNX.4.42.0207241445580.17494-100000 () pub ! doc ! ic ! ac ! uk
[Download RAW message or body]
Yesterday, Dan Kegel wrote:
>I just compiled and ran a pthreads program on Cygwin,
>so perhaps they have progressed since last time you checked.
Quite likely, I tend to just use unix ;-). I haven't used cygwin for over
a year.
>Which documented security holes are you referring to?
This was true last time I checked, so may not be true now:
The cygwin DLL stores some data in memory which is not cleared when the
user using it logs out of windows. When I last asked, noone was prepared
to assure me that it would be impossible for this to result in a user's
password(s) being compromised, or for a user to escalate their privileges
by this means.
We therefore felt it would be inappropriate to install the cygwin package
on multi-user machines. I think there was a case of someone escalating
their privileges going around, but I cannot vouch for its authenticity.
Sorry this is a bit vague...
Regards,
Philip Willoughby
Systems Programmer, Department of Computing, Imperial College, London, UK
--
echo bzidd@nfo.ho.co.se | tr "bizndfohces" "pwgd9ociaku"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic