This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Unable to compile cygwin

On Mon, Dec 22, 2003 at 08:53:33PM -0500, Christopher Faylor wrote:
> On Mon, Dec 22, 2003 at 04:31:57PM -0600, Jim Ramsay wrote:
> >Christopher Faylor wrote:
> >I like your sarcasm, but I prefer to assume that the only truly secure
> >network is one without computers attached, and the only truly secure
> >computer is one with no OS, or no users :)
> >
> >Sadly both of these are hard to do anything useful with, so in reality
> >I believe (in general) it is easier to check the security of an
> >open-source product since I can look at the source code and see if
> >there are unchecked buffers, backdoors, etc.  I am by no means a
> >security expert, so I'm sure I'd miss lots of things, but theoretically
> >there are lots of other people also checking the same code as me and
> >helping make things more secure.
> This is a very good point and it is one of the reasons why free software
> is so powerful.  So, in theory, free software *should* be more secure.
> It varies, in practice, however, depending on the project.
> Cygwin went many years before anyone cared enough to start looking into
> making it more secure.  So, theoretically, it did not benefit very much
> from all of the theoretical eyes looking at the source code.  In fact,
> the usual questions to this mailing list on this issue do not evince the
> slightest desire to investigate source code.  It is refreshing to see
> someone approaching things from this angle even if it is unfortunate
> that the person had problems (which I can't explain) building cygwin.

I believe that the latest snapshot is "as secure as Windows" in the case
where the only Cygwin processes are logged in using Terminal Services
on Windows 2003 or Windows 2000 sp4, and do not have the "Create Global
Object" privilege (please don't laugh, that's an achievement).
That is, if such a user runs cygwin compiled programs under a cygwin shell,
he is no more exposed and has no more power that if running regular Windows 
programs under cmd.exe

Now, how can we gain confidence in the above statement? Should Chris start
distributing stars to those who provide exploits, or could Red Hat be
persuaded to give away valuable Tee Shirts to same?

To the contrary, it's likely that a user logged in with the above privilege,
or from the console, can be tricked into doing things on behalf of another, 
and a user logged in over Cygwin telnetd, crond or sshd can escalate his 
privileges to those of system... (no price given for demonstrating those, 
at least for now).  

Note that the previous discussion concerns users that are legally logged in.
When it comes to attacks from outside, the simple act of opening a service 
such as sshd can open a hole. However I would guess that it won't be Cygwin 
specific, i.e. the same attack could be used with the same daemon running
on, say, Linux, or the attack will exploit a Windows weakness.
Again, how can we gain confidence in such statements?


Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]