Add Pierre's security text.

Joshua Daniel Franklin 2005-03-03 16:36:08 +00:00
parent 7c8d92d7a6
commit 7486d0c019
2 changed files with 10 additions and 11 deletions

@ -1,3 +1,7 @@
2005-03-03 Joshua Daniel Franklin <joshuadfranklin@yahoo.com>
* how-api.texinfo: Add Pierre's security text.
2005-02-23 Joshua Daniel Franklin <joshuadfranklin@yahoo.com>
* README: New file.
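Review bot: the new ChangeLog entry says "Add Pierre's security text", but the commit totals 10 additions against 11 deletions and the how-api.texinfo hunk goes from 17 lines to 12, so this replaces an existing answer and does not only add one. Suggest naming the affected question in the entry (the "How secure is Cygwin in a multi-user environment?" subsection), wording it as a replacement, and giving the contributor's full name, as the other ChangeLog entries do for their author.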

@ -174,17 +174,12 @@ ones which have a "#!" as their first characters.
@subsection How secure is Cygwin in a multi-user environment?
Cygwin is not secure in a multi-user environment. For
example if you have a long running daemon such as "inetd"
running as admin while ordinary users are logged in, or if
you have a user logged in remotely while another user is logged
into the console, one cygwin client can trick another into
running code for it. In this way one user may gain the
privilege of another cygwin program running on the machine.
This is because cygwin has shared state that is accessible by
all processes.
(Thanks to Tim Newsham (newsham@@lava.net) for this explanation).
As of version 1.5.13, the Cygwin developers are not aware of any feature
in the cygwin dll that would allow users to gain privileges or to access
objects to which they have no rights under Windows. However there is no
guarantee that Cygwin is as secure as the Windows it runs on. Cygwin
processes share some variables and are thus easier targets of denial of
service type of attacks.
@subsection How do the net-related functions work?
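Review bot: the paragraph beginning "As of version 1.5.13" still says Cygwin processes "share some variables" but limits the consequence to denial of service, while the text it sits beside says that shared state lets one user "gain the privilege of another cygwin program". The answer should state what changed, or at least that the earlier concern applies to DLL versions before 1.5.13, so that administrators running long-lived daemons such as inetd on older installs are not left assuming the new wording covers them. Two smaller points: "denial of service type of attacks" reads better as "denial-of-service attacks", and the explanation credited to Tim Newsham has no matching credit for the author of the new text.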