This is the mail archive of the
mailing list for the Cygwin project.
RE: security and cygwin
- From: "Koskie, Sarah" <skoskie at iupui dot edu>
- To: <cygwin at cygwin dot com>
- Date: Tue, 21 Sep 2004 11:50:02 -0500
- Subject: RE: security and cygwin
Actually, Reini, I didn't say that I didn't know what a daemon was, I
said that I didn't know how to find out which ones were running (without
additional research, which, has thus far been fruitless). If I type ps
-fA on my linux box at home, I get a list of all the running processes,
even when I am not logged in as root. When I type ps -fA in cygwin, I
do not get a complete list -- just my shell and the ps command. Of
course this brings up the question of who, exactly is root under cygwin,
but a check of /etc/passwd seems to indicate that there isn't one. I
gather that if SYSTEM or Administrators wanted to take on the role,
they'd be able to do it.
As far as I can see from what you wrote, the real issue is that windows
is unsafe. I don't use Explorer, and if there is an intruder on my
machine, I already have a problem, independent of what they can do using
cygwin services. The question is whether someone can use cygwin to
I guess I don't see why anyone would install cygwin rather than linux
unless they were stuck in a networked windows environment as I am, so I
would assume that it would be designed to work reasonably in such an
environment. Only I and computer services have accounts on the machine.
I have to trust computer services, and if they screw up, they can't
blame me, so the only issue here is what I personally have to do to make
sure I do not introduce extra security risks into the system. (Wish the
documentation addressed XP Pro rather than just NT.)
> -----Original Message-----
> From: Reini Urban [mailto:firstname.lastname@example.org]
> Sent: Monday, September 20, 2004 12:13 PM
> To: Koskie, Sarah
> Cc: Cygwin List
> Subject: Re: security and cygwin
> Koskie, Sarah schrieb:
> >>>Are there any other security related issues I should know about? I
> >>>have to assume that cygwin as installed is safe until I have time
> >>>into it, so I am hoping that my faith is not misplaced.
> >>See the FAQ entry:
> >>How secure is Cygwin in a multi-user environment?
> > Thanks, but that does not answer my question. I do not know what
> > daemons are running.
> It does answer it.
> If you don't know this, you are completely unsafe.
> > I did not start any. I assume some are started in
> > the installation process but I don't know how to find out which they
> > are. I just searched the FAQs for any other mention of "daemon" and
> > found none. I have also checked the User's guide but it does not
> > to contain any relevant info that I can see. There should never be
> > users logged in remotely to my cygwin and if there is something I
> > to do to enforce that, that's part of what I want to know. I should
> > also be the only one using sftp, ssh, etc. With the previous version
> > cygwin, I was able to sftp and ssh from cygwin to other machines but
> > from other machines to my desktop computer. I hope that is still
> > case. I'll check it eventually, but as mentioned, I have a
> > more-than-full time job as other than an UNIX programmer or system
> > administrator and I cannot just stop and spend a month setting up
> > cygwin. In the past I didn't have to. The lack of relevant
> > documentation and the complexity of the current setup and install
> > process are extremely frustrating.
> Trust the FAQ: It's unsafe.
> Esp. when you don't know what a daemon is. Just believe it.
> A daemon is a long-running "satanic" background process.
> See your Task Manager on the Process Tab.
> One of the daemons you don't see is for example called "Explorer" (the
> windows desktop). This is one of the worst security holes on windows,
> regardless of cygwin.
> sftp, sshd, cygserver, cron and all other cygwin services are also
> daemons, which share global data via cygwin1.dll. If you are running
> them as user, a possible intruder can gain permissions of this user.
> If you run cygwin programs as service the intruder might gain
> permissions of the SYSTEM user.
> Reini Urban
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html