This is the mail archive of the
mailing list for the Cygwin project.
Re: [Patch]: Fixing the PROCESS_DUP_HANDLE security hole (part 1).
- From: Christopher Faylor <cgf-no-personal-reply-please at cygwin dot com>
- To: cygwin-patches at cygwin dot com
- Date: Mon, 8 Dec 2003 22:28:57 -0500
- Subject: Re: [Patch]: Fixing the PROCESS_DUP_HANDLE security hole (part 1).
- References: <email@example.com> <firstname.lastname@example.org> <email@example.com>
- Reply-to: cygwin-patches at cygwin dot com
On Mon, Dec 08, 2003 at 10:10:10PM -0500, Pierre A. Humblet wrote:
>Either myself->set_ctty should be smarter, or fhandler_tty_slave::dup
>could see if it's about the ctty and simply copy it.
I stared at the set_ctty code a long time trying to understand why it
went out of its way to do the ctty dance when there was already a ctty
and eventually convinced myself that maybe it was necessary in some
cases. However, I can't see why it would ever be necessary to overwrite
the saved ctty so I've checked in a patch that avoids that which, I guess,
qualifies as making myself->set_ctty smarter.
Does that solve the problem?