This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Patch] Fixing the PROCESS_DUP_HANDLE security hole.


Now that 1.5.12 is out, here is a patch to fix the 
PROCESS_DUP_HANDLE security hole. It uses a new approach
to reparenting: the parent duplicates the exec'ed process 
handle when signaled by the child.

It also handles correctly the case of a quick re-exec 
(2 simultaneous reparenting), which is a weak point of
the current version.

Pierre

P.S.: I have no news about the recent patch to /bin/kill -f

2004-11-12  Pierre Humblet <pierre.humblet@ieee.org>

	* pinfo.h (_pinfo::isreparenting): New element.
	(_pinfo::ppid_sendsig): Ditto.
	(_pinfo::exit): Suppress second argument.
	* child_info.h: Update CURR_CHILD_INFO_MAGIC.
	(child_info::pppid_sendsig): New element.
	* sigproc.h: Add __SIGREPARENT.
	(enum procstuff): Add PROC_REPARENT.
	* pinfo.cc (_pinfo::exit): Suppress second argument.
	If required, send reparenting signal and wait.
	* spawn.cc (spawn_guts): Implement new reparenting strategy.
	* sigproc.cc (proc_subproc): Reduce access to vchild->pid_handle
	and vchild->ppid_handle. Set ppid_sendsig by duplication.
	Add PROC_REPARENT case and simplify PROC_CHILDTERMINATED case.
	(sig_send): Use ppid_sendsig to signal parent.
	(init_child_info): Set pppid_sendsig.
	(wait_sig): Add __SIGREPARENT case.
	* dcrto.cc (dll_crt0_0): Close pppid_sendsig.
	
	

Attachment: reparent.diff
Description: Text document


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]