This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Is there someone offering cygwin paid support?


Will Parsons wrote:

> I'm curious about this.  I think I recall from years ago a response to an
> enquiry about cygwin security that was basically along the lines that cygwin
> is as secure as the underlying Windows system.  That made sense to me - why
> would cygwin be less secure?

Fundamentally, yes, Cygwin is just a normal user mode library so at the
end of the day all the security restrictions of the operating system
still apply.  But consider what happens if you compile POSIX code that
uses e.g. chroot().  There is no such syscall on Windows, so Cygwin
emulates it.  But since Cygwin is not part of the operating system, it
can't actually prevent the program from accessing something outside of
the new root, say by directly calling the Win32 API or using a Win32
filename.  A server daemon for example that ran in a chroot jail would
represent a valid security technique on Linux -- this would work as well
on paper in Cygwin but it would represent a false sense of security
because it's not actually going to prevent much.

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
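The point made in the message above, turned into a startup guard (an added example, not part of the original message and not Cygwin's or any project's own code). The helper names `chroot_enforced_by_kernel` and `enter_jail` and the default path `/var/empty` are hypothetical; the example assumes every non-Cygwin build target has a kernel-level chroot().

```c
#define _DEFAULT_SOURCE /* exposes chroot() under strict -std= modes on glibc */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: 1 if chroot() is enforced by the kernel on this build
 * target, 0 if it is emulated in user space by the Cygwin DLL.
 * Assumption: any target that is not Cygwin has a real chroot syscall. */
int chroot_enforced_by_kernel(void)
{
#ifdef __CYGWIN__
    return 0;
#else
    return 1;
#endif
}

/* Hypothetical helper: enter a chroot jail, failing closed.
 * Returns 0 on success, -1 on failure with errno set.
 * With require_enforced set, a platform that only emulates chroot() is
 * rejected with ENOTSUP instead of running with an unenforced jail. */
int enter_jail(const char *new_root, int require_enforced)
{
    if (require_enforced && !chroot_enforced_by_kernel()) {
        errno = ENOTSUP;
        return -1;
    }
    if (chroot(new_root) != 0)
        return -1;
    /* Move the working directory inside the new root; otherwise relative
     * paths still resolve from a directory outside the jail. */
    if (chdir("/") != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *root = argc > 1 ? argv[1] : "/var/empty"; /* assumed path */
    if (enter_jail(root, 1) != 0) {
        fprintf(stderr, "refusing to start: jail %s not established: %s\n",
                root, strerror(errno));
        return 1;
    }
    puts("jail established");
    return 0;
}
```

On a Cygwin build the daemon exits with ENOTSUP ("Not supported") before calling chroot(), so confinement there has to come from Windows mechanisms such as a restricted service account and filesystem ACLs.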

