[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Pthread Support For Interix
|
From: |
Philip Willoughby |
|
Subject: |
RE: Pthread Support For Interix |
|
Date: |
Wed, 24 Jul 2002 14:53:09 +0100 (BST) |
Yesterday, Dan Kegel wrote:
>I just compiled and ran a pthreads program on Cygwin,
>so perhaps they have progressed since last time you checked.
Quite likely, I tend to just use unix ;-). I haven't used cygwin for over
a year.
>Which documented security holes are you referring to?
This was true last time I checked, so may not be true now:
The cygwin DLL stores some data in memory which is not cleared when the
user using it logs out of windows. When I last asked, noone was prepared
to assure me that it would be impossible for this to result in a user's
password(s) being compromised, or for a user to escalate their privileges
by this means.
We therefore felt it would be inappropriate to install the cygwin package
on multi-user machines. I think there was a case of someone escalating
their privileges going around, but I cannot vouch for its authenticity.
Sorry this is a bit vague...
Regards,
Philip Willoughby
Systems Programmer, Department of Computing, Imperial College, London, UK
--
echo address@hidden | tr "bizndfohces" "pwgd9ociaku"