This is the mail archive of the cygwin-developers mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: cygwin1.dll up to 1.5.22 overflow


On 08 November 2007 13:51, Daniel Fdez. Bleda wrote:

> Dear Corinna,
> 
> I understand from this that you are asking for that details about
> explotation, pof, etc. of a vulnerability of a software should be
> directly disclosed in the list? Sounds some kind of dangerous.
> 
> I didn't usually include in "bugs" a bof that permits execute code.
> 
> I'll do this as you requested omitting sensible information.

  I understand your need for caution.  I think maybe we should consider what
is the best course of action to take and perhaps write up a semi-formal
announcement for the list instead?

  Also, maybe we should retire the earlier vulnerable cygwin dll versions that
are still on sourceware.org?

  Cygwin is inherently insecure, the shared memory mechanism allows
unauthenticated communication across trust boundaries between processes;
without a major redesign it's always going to be vulnerable to privilige
escalation in particular.  It's not advisable to run a cygwin-based service
facing the public internet IMO.

  Which was the vulnerable function?  I'd like to see how serious the
opportunities for attack are before we rush into anything.


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]