Actually, Reini, I didn't say that I didn't know what a daemon was, I
said that I didn't know how to find out which ones were running (without
additional research, which has thus far been fruitless).
Oh sorry.
As far as I can see from what you wrote, the real issue is that windows is unsafe. I don't use Explorer, and if there is an intruder on my machine, I already have a problem, independent of what they can do using cygwin services. The question is whether someone can use cygwin to intrude.
You do use Explorer. You don't use IExplorer. Explorer is the Desktop. Several applications run several (mostly hidden) windows on the Desktop as SYSTEM, which can be used to gain the privileges of this process => SYSTEM, by classical buffer overrun methods on bad or missing input validation, e.g. on an edit box.
Google for "Shatter style attack exploit"
http://security.tombom.co.uk/shatter.html
NTFS is also inherently insecure, i.e. makes it easy to hide processes: http://www.windowsecurity.com/articles/Alternate_Data_Streams.html
type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe
And of course the popular RPC exploits, which either target the kernel directly or, if up-to-date, other COM/DCOM components, which are mostly entirely insecure in their default incarnations. There are several COM architectural flaws, where MS didn't want to burden poor MS developers with too many security concerns. (in contrast to CORBA btw.)
I guess I don't see why anyone would install cygwin rather than linux
unless they were stuck in a networked windows environment as I am, so I
would assume that it would be designed to work reasonably in such an
environment. Only I and computer services have accounts on the machine.
I have to trust computer services, and if they screw up, they can't
blame me, so the only issue here is what I personally have to do to make
sure I do not introduce extra security risks into the system. (Wish the
documentation addressed XP Pro rather than just NT.)
The NT Family of the OS, in contrast to the Windows3-based family, which we call Win95.
-----Original Message-----
From: Reini Urban [mailto:[EMAIL PROTECTED]
Sent: Monday, September 20, 2004 12:13 PM
To: Koskie, Sarah
Cc: Cygwin List
Subject: Re: security and cygwin
Koskie, Sarah wrote:
Are there any other security related issues I should know about? I have to assume that cygwin as installed is safe until I have time to look into it, so I am hoping that my faith is not misplaced.
See the FAQ entry:
How secure is Cygwin in a multi-user environment? <http://cygwin.com/faq/faq_toc.html#TOC78>
Thanks, but that does not answer my question. I do not know what daemons are running.
It does answer it. If you don't know this, you are completely unsafe.
I did not start any. I assume some are started in the installation process but I don't know how to find out which they are. I just searched the FAQs for any other mention of "daemon" and found none. I have also checked the User's guide but it does not seem to contain any relevant info that I can see. There should never be any users logged in remotely to my cygwin and if there is something I have to do to enforce that, that's part of what I want to know. I should also be the only one using sftp, ssh, etc. With the previous version of cygwin, I was able to sftp and ssh from cygwin to other machines but not from other machines to my desktop computer. I hope that is still the case. I'll check it eventually, but as mentioned, I have a more-than-full time job as other than a UNIX programmer or system administrator and I cannot just stop and spend a month setting up cygwin. In the past I didn't have to. The lack of relevant documentation and the complexity of the current setup and install process are extremely frustrating.
Trust the FAQ: It's unsafe. Esp. when you don't know what a daemon is. Just believe it.
A daemon is a long-running "satanic" background process. See your Task Manager on the Process Tab.
One of the daemons you don't see is for example called "Explorer" (the windows desktop). This is one of the worst security holes on windows, regardless of cygwin.
sftp, sshd, cygserver, cron and all other cygwin services are also daemons, which share global data via cygwin1.dll. If you are running them as user, a possible intruder can gain permissions of this user. If you run cygwin programs as service the intruder might gain permissions of the SYSTEM user.
--
Reini Urban
-- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
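
For the question raised in this thread (which Cygwin services exist, whether they are running, and under which account), here is an added example that is not part of any message above: two shell functions that summarise the verbose service listing from `cygrunsrv`. The function names and the sample report are constructed for illustration, and the "Label : value" field labels are an assumption about what your `cygrunsrv` version prints.

```shell
# Added example, not from the thread. Feed it the verbose service listing:
#   cygrunsrv --list --verbose | cyg_service_summary
# Assumption: the report uses "Label : value" lines with the labels below.

# Print one line per service: name|state|account|command
cyg_service_summary() {
    awk '
        function emit() {
            if (name != "") printf "%s|%s|%s|%s\n", name, state, account, cmd
            name = ""; state = ""; account = ""; cmd = ""
        }
        {
            i = index($0, ":")            # split on the FIRST colon only
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "Service") { emit(); name = val }
            else if (key == "Current State") state = val
            else if (key == "Account") account = val
            else if (key == "Command") cmd = val
        }
        END { emit() }
    '
}

# Names of services that are running right now with SYSTEM privileges.
cyg_running_as_system() {
    cyg_service_summary |
        awk -F"|" '$2 == "Running" && tolower($3) == "localsystem" { print $1 }'
}

# Constructed sample report (not captured from a real machine).
sample_report() {
    cat <<'EOF'
Service             : sshd
Current State       : Running
Command             : /usr/sbin/sshd -D
Account             : LocalSystem

Service             : cron
Current State       : Stopped
Command             : /usr/sbin/cron -n
Account             : LocalSystem

Service             : cygserver
Current State       : Running
Command             : /usr/sbin/cygserver
Account             : .\cyg_server
EOF
}
```

An empty result from `cyg_service_summary` on a live install means no services were registered through `cygrunsrv`; anything listed by `cyg_running_as_system` is a candidate for stopping or for moving to a less privileged account.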