This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: problem with readonly pinfo?


At 08:42 PM 9/16/2003 -0400, Christopher Faylor wrote:
>If I as a process group leader fork/exec a process, it doesn't seem like
>there's any way to distribute signals to the suid'ed subprocess since
>the shared memory region (or eventually pipe) for the subprocess will be
>inaccessible.
>
>Is there a way to play around with the security descriptor to fake process
>groups?  Also, isn't the owner of a process always allowed to send the
process
>a control-C even if the owner is different than the uid of the process being
>run?

The way I have written the security attributes, the subprocess
pinfo is accessible both by Admins (always) and by the sid of the 
parent.

The Admins will propagate for all future generations, but not 
the sid of the parent.
In the rare case where the setuid'ing process is not in Admins,
we should find a way to propagate its sid to its descendants,
while they remain in its group. 
I don't know a way to give permissions to the process group leader
without giving permission to all processeses run by the same user.
But that's not a security issue. 

Pierre


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]