On Mon, Dec 22, 2003 at 08:53:33PM -0500, Christopher Faylor wrote:
> On Mon, Dec 22, 2003 at 04:31:57PM -0600, Jim Ramsay wrote:
> >Christopher Faylor wrote:
> > >I like your sarcasm, but I prefer to assume that the only truly secure
> >network is one without computers attached, and the only truly secure
> >computer is one with no OS, or no users :)
> >
> >Sadly both of these are hard to do anything useful with, so in reality
> >I believe (in general) it is easier to check the security of an
> >open-source product since I can look at the source code and see if
> >there are unchecked buffers, backdoors, etc. I am by no means a
> >security expert, so I'm sure I'd miss lots of things, but theoretically
> >there are lots of other people also checking the same code as me and
> >helping make things more secure.
>
> This is a very good point and it is one of the reasons why free software
> is so powerful. So, in theory, free software *should* be more secure.
> It varies, in practice, however, depending on the project.
>
> Cygwin went many years before anyone cared enough to start looking into
> making it more secure. So, theoretically, it did not benefit very much
> from all of the theoretical eyes looking at the source code. In fact,
> the usual questions to this mailing list on this issue do not evince the
> slightest desire to investigate source code. It is refreshing to see
> someone approaching things from this angle even if it is unfortunate
> that the person had problems (which I can't explain) building cygwin.

I believe that the latest snapshot is "as secure as Windows" in the case where the only Cygwin processes are logged in using Terminal Services on Windows 2003 or Windows 2000 sp4, and do not have the "Create Global Object" privilege (please don't laugh, that's an achievement). That is, if such a user runs cygwin compiled programs under a cygwin shell, he is no more exposed and has no more power than if running regular Windows programs under cmd.exe.

Now, how can we gain confidence in the above statement? Should Chris start distributing stars to those who provide exploits, or could Red Hat be persuaded to give away valuable Tee Shirts to same?

To the contrary, it's likely that a user logged in with the above privilege, or from the console, can be tricked into doing things on behalf of another, and a user logged in over Cygwin telnetd, crond or sshd can escalate his privileges to those of system... (no price given for demonstrating those, at least for now).

Note that the previous discussion concerns users that are legally logged in. When it comes to attacks from outside, the simple act of opening a service such as sshd can open a hole. However I would guess that it won't be Cygwin specific, i.e. the same attack could be used with the same daemon running on, say, Linux, or the attack will exploit a Windows weakness. Again, how can we gain confidence in such statements?

Pierre