This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Write access for BUILTIN\USERS - cygwin privilege escalation vulnerability for Windows 2008 default installation
- From: Christopher Faylor <cgf-use-the-mailinglist-please at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Mon, 21 Sep 2009 14:39:11 -0400
- Subject: Re: Write access for BUILTIN\USERS - cygwin privilege escalation vulnerability for Windows 2008 default installation
- References: <200909211041.17032.list2009@lunch.za.net> <4AB7A797.6090405@gmail.com>
- Reply-to: cygwin at cygwin dot com
On Mon, Sep 21, 2009 at 05:19:35PM +0100, Dave Korn wrote:
> Therefore Cygwin should never be deployed to provide services to untrusted
>users on a 'net-facing server. It's just not a real OS(*).
Cygwin is not a floor wax either. It's just barely a dessert topping.
cgf
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple