cygwin1.dll
Igor Pechtchanski
pechtcha@cs.nyu.edu
Fri Jan 24 19:22:00 GMT 2003
On 2003年1月24日 jim.a.davidson@bt.com wrote:
> Sirs,
> We are proposing to use the Red Hat OpenSSH package on our NT/W2K servers
> but some concerns
> have been raised re. the Cygwin1.dll shared memory vulnerability.
> As the only Cygwin application running on these machines will be OpenSSH I
> am not sure how
> significant a risk may exist.
> Can you please explain how this vulnerabilty could be exploited so that we
> can determine
> what if any counter measures we could deploy.
> Thanks.
Jim,
I'd like to correct one misconception in your message. You said that
OpenSSH (I assume you mean sshd) will be "the only Cygwin application
running on these machines". However, any time a user logs on, sshd will
spawn a shell, and that will spawn whatever other applications the user
runs. Some of them will most certainly be Cygwin applications.
Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ pechtcha@cs.nyu.edu
ZZZzz /,`.-'`' -. ;-;;,_ igor@watson.ibm.com
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
Oh, boy, virtual memory! Now I'm gonna make myself a really *big* RAMdisk!
-- /usr/games/fortune
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list