Yesterday, Dan Kegel wrote: >I just compiled and ran a pthreads program on Cygwin, >so perhaps they have progressed since last time you checked.
Quite likely, I tend to just use unix ;-). I haven't used cygwin for over a year. >Which documented security holes are you referring to? This was true last time I checked, so may not be true now: The cygwin DLL stores some data in memory which is not cleared when the user using it logs out of windows. When I last asked, noone was prepared to assure me that it would be impossible for this to result in a user's password(s) being compromised, or for a user to escalate their privileges by this means. We therefore felt it would be inappropriate to install the cygwin package on multi-user machines. I think there was a case of someone escalating their privileges going around, but I cannot vouch for its authenticity. Sorry this is a bit vague... Regards, Philip Willoughby Systems Programmer, Department of Computing, Imperial College, London, UK -- echo [EMAIL PROTECTED] | tr "bizndfohces" "pwgd9ociaku"
