This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: problem with readonly pinfo?
- From: "Pierre A. Humblet" <Pierre dot Humblet at ieee dot org>
- To: cygwin-developers at cygwin dot com,cygwin-developers at cygwin dot com
- Date: Tue, 16 Sep 2003 20:53:59 -0400
- Subject: Re: problem with readonly pinfo?
At 08:42 PM 9/16/2003 -0400, Christopher Faylor wrote:
>If I as a process group leader fork/exec a process, it doesn't seem like
>there's any way to distribute signals to the suid'ed subprocess since
>the shared memory region (or eventually pipe) for the subprocess will be
>inaccessible.
>
>Is there a way to play around with the security descriptor to fake process
>groups? Also, isn't the owner of a process always allowed to send the
process
>a control-C even if the owner is different than the uid of the process being
>run?
The way I have written the security attributes, the subprocess
pinfo is accessible both by Admins (always) and by the sid of the
parent.
The Admins will propagate for all future generations, but not
the sid of the parent.
In the rare case where the setuid'ing process is not in Admins,
we should find a way to propagate its sid to its descendants,
while they remain in its group.
I don't know a way to give permissions to the process group leader
without giving permission to all processeses run by the same user.
But that's not a security issue.
Pierre