On Fri, 24 Jan 2003 [EMAIL PROTECTED] wrote:
> Sirs,
> We are proposing to use the Red Hat OpenSSH package on our NT/W2K servers
> but some concerns
> have been raised re. the Cygwin1.dll shared memory vulnerability.
> As the only Cygwin application running on these machines will be OpenSSH I
> am not sure how
> significant a risk may exist.
> Can you please explain how this vulnerabilty could be exploited so that we
> can determine
> what if any counter measures we could deploy.
> Thanks.
Jim,
I'd like to correct one misconception in your message. You said that
OpenSSH (I assume you mean sshd) will be "the only Cygwin application
running on these machines". However, any time a user logs on, sshd will
spawn a shell, and that will spawn whatever other applications the user
runs. Some of them will most certainly be Cygwin applications.
Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ [EMAIL PROTECTED]
ZZZzz /,`.-'`' -. ;-;;,_ [EMAIL PROTECTED]
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
Oh, boy, virtual memory! Now I'm gonna make myself a really *big* RAMdisk!
-- /usr/games/fortune
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
