This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: problem with readonly pinfo?
On Tue, Sep 16, 2003 at 08:53:59PM -0400, Pierre A. Humblet wrote:
>At 08:42 PM 9/16/2003 -0400, Christopher Faylor wrote:
>>If I as a process group leader fork/exec a process, it doesn't seem
>>like there's any way to distribute signals to the suid'ed subprocess
>>since the shared memory region (or eventually pipe) for the subprocess
>>will be inaccessible.
>>
>>Is there a way to play around with the security descriptor to fake
>>process groups? Also, isn't the owner of a process always allowed to
>>send the process a control-C even if the owner is different than the
>>uid of the process being run?
>
>The way I have written the security attributes, the subprocess pinfo is
>accessible both by Admins (always) and by the sid of the parent.
>
>The Admins will propagate for all future generations, but not the sid
>of the parent. In the rare case where the setuid'ing process is not in
>Admins, we should find a way to propagate its sid to its descendants,
>while they remain in its group. I don't know a way to give permissions
>to the process group leader without giving permission to all
>processeses run by the same user. But that's not a security issue.
No, judging by what you've described that should provide enough control
so that cygwin can figure out the process group for itself.
Now that I've looked at process group handling again, after a hiatus, I
feel another rewrite coming on.
cgf