[prev in list] [next in list] [prev in thread] [next in thread] 

List:       autoconf
Subject:    RE: Pthread Support For Interix
From:       Philip Willoughby <pgw99 () doc ! ic ! ac ! uk>
Date:       2002-07-24 13:53:09
Message-ID: Pine.LNX.4.42.0207241445580.17494-100000 () pub ! doc ! ic ! ac ! uk
[Download RAW message or body]

Yesterday, Dan Kegel wrote:

>I just compiled and ran a pthreads program on Cygwin,
>so perhaps they have progressed since last time you checked.

Quite likely, I tend to just use unix ;-).  I haven't used cygwin for over
a year.

>Which documented security holes are you referring to?

This was true last time I checked, so may not be true now:

The cygwin DLL stores some data in memory which is not cleared when the
user using it logs out of windows.  When I last asked, noone was prepared
to assure me that it would be impossible for this to result in a user's
password(s) being compromised, or for a user to escalate their privileges
by this means.

We therefore felt it would be inappropriate to install the cygwin package
on multi-user machines.  I think there was a case of someone escalating
their privileges going around, but I cannot vouch for its authenticity.

Sorry this is a bit vague...

Regards,

Philip Willoughby

Systems Programmer, Department of Computing, Imperial College, London, UK
-- 
echo bzidd@nfo.ho.co.se | tr "bizndfohces" "pwgd9ociaku"



[prev in list] [next in list] [prev in thread] [next in thread]