This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Resubmission of cygwin_daemon patch.


----- Original Message -----
From: "Conrad Scott" <Conrad.Scott@dsl.pipex.com>
To: "Robert Collins" <robert.collins@syncretize.net>
Cc: <cygwin-patches@cygwin.com>
Sent: Sunday, June 23, 2002 7:35 PM

> About instance detection: you're right that something better could be
> done here. What I've ended up with is really a security patch: it's
> possible for another process to create an instance of a named pipe,
> wait for clients to connect and then impersonate them.

It will always be possible to do that. Anyone can build the cygserver and
insert hostile code into their build. Code interception is a standard
technique for reverse engineering, runtime patching and the like.

In terms of preventing someone hostilely opening the same socket/pipe, I'd
have thought windows prevented multiple listening pipes with the same name.

Rob


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]