This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: security hole in tty handling code
- To: "Robert Collins" <robert dot collins at itdomain dot com dot au>
- Subject: Re: security hole in tty handling code
- From: Egor Duda <deo at logos-m dot ru>
- Date: Thu, 29 Mar 2001 11:12:32 +0400
- CC: cygwin-developers at cygwin dot com
- Organization: DEO
- References: <4531563555.20010328212023@logos-m.ru><00c001c0b7ce$260631a0$0200a8c0@lifelesswks>
- Reply-To: egor duda <cygwin-developers at cygwin dot com>
Hi!
Thursday, 29 March, 2001 Robert Collins robert.collins@itdomain.com.au wrote:
RC> Why not just set the permissions and let the client calls fail if they
RC> aren't from the same user?
because this will break applications that change user context, such as
sshd.
RC> I've heard that
RC> "server" based solutions like you've put toghether usually fail in
RC> terminal server environments...
do you have any evidence? anywaym, i think it's probably easy to test.
Egor. mailto:deo@logos-m.ru ICQ 5165414 FidoNet 2:5020/496.19