This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: security with the ftp daemon


On Tue, Jan 22, 2002 at 10:18:01AM +0900, Dylan Cuthbert wrote:
> Thanks, you were right, I regenerated the groups file and it returned to
> being secure again - it seems a bit dangerous to default to admins group,
> maybe better if it defaults to guest or something along those lines?

Security wasn't one of the design goals of Cygwin originally.  The
reason for using admin as fallback was to ensure that applications
still run even if some settings are broken.  That's obviously not
the problem when explicitely switching user context.  See

http://cygwin.com/ml/cygwin/2002-01/msg01190.html

for a current discussion of related problems.  I'm going to switch
over to no default at all.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]