Add Pierre's security text.
This commit is contained in:
Joshua Daniel Franklin
parent
7c8d92d7a6
commit
7486d0c019
|
|
@ -1,3 +1,7 @@
|
||||||
|
2005-03-03 Joshua Daniel Franklin <joshuadfranklin@yahoo.com>
|
||||||
|
|
||||||
|
* how-api.texinfo: Add Pierre's security text.
|
||||||
|
|
||||||
2005-02-23 Joshua Daniel Franklin <joshuadfranklin@yahoo.com>
|
2005-02-23 Joshua Daniel Franklin <joshuadfranklin@yahoo.com>
|
||||||
|
|
||||||
* README: New file.
|
* README: New file.
|
||||||
|
|
|
||||||
|
|
@ -174,17 +174,12 @@ ones which have a "#!" as their first characters.
|
||||||
|
|
||||||
@subsection How secure is Cygwin in a multi-user environment?
|
@subsection How secure is Cygwin in a multi-user environment?
|
||||||
|
|
||||||
Cygwin is not secure in a multi-user environment. For
|
As of version 1.5.13, the Cygwin developers are not aware of any feature
|
||||||
example if you have a long running daemon such as "inetd"
|
in the cygwin dll that would allow users to gain privileges or to access
|
||||||
running as admin while ordinary users are logged in, or if
|
objects to which they have no rights under Windows. However there is no
|
||||||
you have a user logged in remotely while another user is logged
|
guarantee that Cygwin is as secure as the Windows it runs on. Cygwin
|
||||||
into the console, one cygwin client can trick another into
|
processes share some variables and are thus easier targets of denial of
|
||||||
running code for it. In this way one user may gain the
|
service type of attacks.
|
||||||
privilege of another cygwin program running on the machine.
|
|
||||||
This is because cygwin has shared state that is accessible by
|
|
||||||
all processes.
|
|
||||||
|
|
||||||
(Thanks to Tim Newsham (newsham@@lava.net) for this explanation).
|
|
||||||
|
|
||||||
@subsection How do the net-related functions work?
|
@subsection How do the net-related functions work?
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue