This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: problem with readonly pinfo?


At 08:42 PM 9/16/2003 -0400, Christopher Faylor wrote:
>If I as a process group leader fork/exec a process, it doesn't seem like
>there's any way to distribute signals to the suid'ed subprocess since
>the shared memory region (or eventually pipe) for the subprocess will be
>inaccessible.
>
>Is there a way to play around with the security descriptor to fake process
>groups?  Also, isn't the owner of a process always allowed to send the
process
>a control-C even if the owner is different than the uid of the process being
>run?

Sorry I couldn't answer more completely the first time.

I would have added that the acl of pinfo is basically the same as that
of the current semaphore/event, + read for Everybody. So signal
transmission will not be any worse than today.

About your last question, I am not sure I understand. The "uid of the process
being run" (after setuid, I assume) is really the sid of the thread that is
impersonated. It appears that an impersonated thread can keep using the
handles
openened before impersonation but cannot e.g. duplicate them. 
At worse you may have to desimpersonate/reimpersonate to deliver a control-C
to a process for an impersonated thread.

Pierre


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]