This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.
Re: [Patch]: Fixing the PROCESS_DUP_HANDLE security hole (part 1).
- From: "Pierre A. Humblet" <pierre at phumblet dot no-ip dot org>
- To: cygwin-patches at cygwin dot com
- Date: Wed, 05 Nov 2003 20:02:01 -0500
- Subject: Re: [Patch]: Fixing the PROCESS_DUP_HANDLE security hole (part 1).
Ping?
This has been pending for a while. See also
<http://cygwin.com/ml/cygwin-patches/2003-q4/msg00003.html>
Pierre
At 09:55 PM 9/29/2003 -0400, Pierre A. Humblet wrote:
>Here is a patch that allows opening master ttys without giving
>full access to the process, at least for access to the ctty.
>
>It works by snooping the ctty pipe handles and duplicating them
>on the cygheap, for use by future opens in descendant processes.
>
>It passes all the tests I tried, but considering my lack of knowledge
>about ttys, everything is possible.
>
>Pierre
>
>
>2003-09-29 Pierre Humblet <pierre.humblet@ieee.org>
>
> * cygheap.h (class cygheap_ctty): Create.
> (struct init_cygheap): Add inherited_ctty member.
> * cygheap.cc: Include pinfo.h.
> (cygheap_ctty::acquire): Create.
> (cygheap_ctty::pass): Ditto.
> (cygheap_ctty::close): Ditto.
> * fhandler_tty.cc (fhandler_tty_slave::open): Call
> cygheap->inherited_ctty.pass and cygheap->inherited_ctty.acquire.
> * tty.cc (tty::common_init): Remove call to SetKernelObjectSecurity
> and edit some comments.
> * syscalls.cc (setsid): Call cygheap->inherited_ctty.close.
>
>Attachment Converted: "c:\Home\Pierre\Mail\attach\tty1.dif"
>