cygwin.com/git/newlib-cygwin.git
author Joshua Daniel Franklin <joshuadfranklin@yahoo.com> 2005-03-03 19:36:08 +0300
committer Joshua Daniel Franklin <joshuadfranklin@yahoo.com> 2005-03-03 19:36:08 +0300
commit 7486d0c0192a9b2a3c90f3dde3e65d647f6d118c
tree 95e3279e7b3602b12d97804c21affde99f6059b2 /winsup/doc
parent 7c8d92d7a61f3989eeb9cdaaa070d30453e347f8
Add Pierre's security text.
Diffstat (limited to 'winsup/doc')
-rw-r--r-- winsup/doc/ChangeLog 4
-rw-r--r-- winsup/doc/how-api.texinfo 17
2 files changed, 10 insertions, 11 deletions
diff --git a/winsup/doc/ChangeLog b/winsup/doc/ChangeLog
index cd20e8770..fdd3ce22d 100644
--- a/winsup/doc/ChangeLog
+++ b/winsup/doc/ChangeLog
@@ -1,3 +1,7 @@
+2005-03-03 Joshua Daniel Franklin <joshuadfranklin@yahoo.com>
+
+ * how-api.texinfo: Add Pierre's security text.
+
2005-02-23 Joshua Daniel Franklin <joshuadfranklin@yahoo.com>
* README: New file.
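Review bot: The new ChangeLog entry says "Add Pierre's security text", but the accompanying how-api.texinfo hunk replaces the existing answer under "How secure is Cygwin in a multi-user environment?" and drops the credited explanation, so "Add" understates the change. Suggest naming the affected subsection and recording that the previous text was replaced, for example "(How secure is Cygwin in a multi-user environment?): Replace with Pierre's text for 1.5.13." That way someone auditing the history of the security statement can find this commit from the ChangeLog alone.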
diff --git a/winsup/doc/how-api.texinfo b/winsup/doc/how-api.texinfo
index 0d217c155..5490946a1 100644
--- a/winsup/doc/how-api.texinfo
+++ b/winsup/doc/how-api.texinfo
@@ -174,17 +174,12 @@ ones which have a "#!" as their first characters.
@subsection How secure is Cygwin in a multi-user environment?
-Cygwin is not secure in a multi-user environment. For
-example if you have a long running daemon such as "inetd"
-running as admin while ordinary users are logged in, or if
-you have a user logged in remotely while another user is logged
-into the console, one cygwin client can trick another into
-running code for it. In this way one user may gain the
-privilege of another cygwin program running on the machine.
-This is because cygwin has shared state that is accessible by
-all processes.
-
-(Thanks to Tim Newsham (newsham@@lava.net) for this explanation).
+As of version 1.5.13, the Cygwin developers are not aware of any feature
+in the cygwin dll that would allow users to gain privileges or to access
+objects to which they have no rights under Windows. However there is no
+guarantee that Cygwin is as secure as the Windows it runs on. Cygwin
+processes share some variables and are thus easier targets of denial of
+service type of attacks.
@subsection How do the net-related functions work?
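Review bot: The replacement paragraph opens with "As of version 1.5.13" but leaves unstated what applies to earlier releases, while the removed lines carried the only concrete warning (a long-running daemon such as "inetd" running as admin, one user gaining the privilege of another's Cygwin program through shared state). Suggest keeping one sentence that says whether releases before 1.5.13 had that exposure, so readers still on an older DLL are not left with the impression that the new statement covers them. The remaining risk is also described only as "share some variables"; naming what is shared, or pointing to where it is documented, would let an administrator judge the denial-of-service exposure. Minor wording: "cygwin dll" should match the capitalisation of "Cygwin" used in the same paragraph, "However" wants a comma after it, and "denial of service type of attacks" reads better as "denial-of-service attacks".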