* RE: Getting Cygwin into a corporation..
@ 2002-04-24 17:35 Robert Collins
2002-04-24 19:33 ` Lapo Luchini
0 siblings, 1 reply; 6+ messages in thread
From: Robert Collins @ 2002-04-24 17:35 UTC (permalink / raw)
To: Michael F. March, cygwin
> -----Original Message-----
> From: Michael F. March [mailto:march@indirect.com]
> Sent: Thursday, April 25, 2002 4:02 AM
> To: cygwin@sources.redhat.com
> Subject: Getting Cygwin into a corporation..
>
>
> In the company I work for they have outlawed all Unix
> variants (Linux, Solaris, OSX) from certain networks. I
> asked why Cygwin could not be installed and here is
> some of the response I got back:
>
> > Cygwin, in itself, is typically a harmless application.
> > However, once installed, it does allow a user to invalidate
> > the NT Security architecture; a user can then install cygwin
> > ports without the NT administrators consent (including, of
> > course, the cygwin DHCP port).
>
> How should I respond to this?
Cygwin does not make installing applications easier or harder. It adds
no executable types, and no alterations are made to system security.
Long and short: if you can install DHCP with cygwin on those machines,
you can install DHCP WITHOUT cygwin.
Rob
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Getting Cygwin into a corporation..
@ 2002-04-24 12:05 Michael F. March
2002-04-24 12:10 ` Chris Ellsworth
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Michael F. March @ 2002-04-24 12:05 UTC (permalink / raw)
To: cygwin
In the company I work for they have outlawed all Unix
variants (Linux, Solaris, OSX) from certain networks. I
asked why Cygwin could not be installed and here is
some of the response I got back:
> Cygwin, in itself, is typically a harmless application.
> However, once installed, it does allow a user to invalidate
> the NT Security architecture; a user can then install cygwin
> ports without the NT administrators consent (including, of
> course, the cygwin DHCP port).
How should I respond to this?
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Getting Cygwin into a corporation..
2002-04-24 12:05 Michael F. March
@ 2002-04-24 12:10 ` Chris Ellsworth
2002-04-24 14:42 ` Sam Edge
2002-04-24 17:09 ` Michael Schaap
2 siblings, 0 replies; 6+ messages in thread
From: Chris Ellsworth @ 2002-04-24 12:10 UTC (permalink / raw)
To: cygwin
just out of curosity what kinda of account rights does your login give
you right now? admin or just a user
if you login as an admin nothing is stopping you from loading 3rd
party app right now that would do dhcp because you have the right to
via the admin login.
cause i belive if you log in as a user and cygwin setup useing ntsec
and the perms on the dir is set correct a user would not be able to
install apps into cygwin. Because they dont have write access to dirs
that a installer would need.
people help me out here......
----- Original Message -----
From: "Michael F. March" <march@indirect.com>
To: <cygwin@sources.redhat.com>
Sent: Wednesday, April 24, 2002 11:01 AM
Subject: Getting Cygwin into a corporation..
> In the company I work for they have outlawed all Unix
> variants (Linux, Solaris, OSX) from certain networks. I
> asked why Cygwin could not be installed and here is
> some of the response I got back:
>
> > Cygwin, in itself, is typically a harmless application.
> > However, once installed, it does allow a user to invalidate
> > the NT Security architecture; a user can then install cygwin
> > ports without the NT administrators consent (including, of
> > course, the cygwin DHCP port).
>
> How should I respond to this?
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Getting Cygwin into a corporation..
2002-04-24 12:05 Michael F. March
2002-04-24 12:10 ` Chris Ellsworth
@ 2002-04-24 14:42 ` Sam Edge
2002-04-24 17:09 ` Michael Schaap
2 siblings, 0 replies; 6+ messages in thread
From: Sam Edge @ 2002-04-24 14:42 UTC (permalink / raw)
To: cygwin
You wrote in <01fd01c1ebba$23197580$0d76aec7@D4LHBR01>
in gmane.os.cygwin on Wed, 24 Apr 2002 11:01:56 -0700:
> In the company I work for they have outlawed all Unix
> variants (Linux, Solaris, OSX) from certain networks. I
> asked why Cygwin could not be installed and here is
> some of the response I got back:
> > Cygwin, in itself, is typically a harmless application.
> > However, once installed, it does allow a user to invalidate
> > the NT Security architecture; a user can then install cygwin
> > ports without the NT administrators consent (including, of
> > course, the cygwin DHCP port).
> How should I respond to this?
Cygwin1.dll and Cygwin applications makes calls to the OS API via
kernel32.dll and the other system DLLs just like any other Windows
application does. There's nothing they can do when run via a specific
user account that any other Windows program couldn't do running from
that same account.
The shared memory used by cygwin1.dll is not protected so a malicious
or buggy process in one context could crash a Cygwin process running
in another by corrupting this data. But if you avoid installing any
Cygwin programs as NT services then they'll all be running
interactively in the context of the current user so they can't do
anything that can't be done anyway.
--
Sam Edge
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Getting Cygwin into a corporation..
2002-04-24 12:05 Michael F. March
2002-04-24 12:10 ` Chris Ellsworth
2002-04-24 14:42 ` Sam Edge
@ 2002-04-24 17:09 ` Michael Schaap
2 siblings, 0 replies; 6+ messages in thread
From: Michael Schaap @ 2002-04-24 17:09 UTC (permalink / raw)
To: cygwin
At 20:01 24-4-2002, Michael F. March wrote:
>In the company I work for they have outlawed all Unix
>variants (Linux, Solaris, OSX) from certain networks. I
>asked why Cygwin could not be installed and here is
>some of the response I got back:
>
> > Cygwin, in itself, is typically a harmless application.
> > However, once installed, it does allow a user to invalidate
> > the NT Security architecture; a user can then install cygwin
> > ports without the NT administrators consent (including, of
> > course, the cygwin DHCP port).
You mean, they outlaw UNIX style operating systems and only allow Windows
for *security* reasons?!?
I'm not sure if that's hilarious or sad. Probably both...
- Michael
--
I always wondered about the meaning of life. So I looked it
up in the dictionary under "L" and there it was - the meaning
of life. It was not what I expected. - Dogbert
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2002-04-25 1:36 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-04-24 17:35 Getting Cygwin into a corporation Robert Collins
2002-04-24 19:33 ` Lapo Luchini
-- strict thread matches above, loose matches on Subject: below --
2002-04-24 12:05 Michael F. March
2002-04-24 12:10 ` Chris Ellsworth
2002-04-24 14:42 ` Sam Edge
2002-04-24 17:09 ` Michael Schaap
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).