This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.
Now that the PROCESS_DUP_HANDLE security hole (part 1) is plugged, the next easily exploitable security breach in the core of Cygwin lies in the PROCESS_DUP_HANDLE privilege between parent and seteuid children.
<http://cygwin.com/ml/cygwin-developers/2003-09/msg00078.html>
That's close to the sig area currently being worked on by Chris, so I won't touch it.

Next is the tty_list. It is currently implemented as an array in the cygwin_shared file mapping, which is writable by Everybody.

As requested, changes toward a secure implementation involve a series of incremental patches. In fact this first one introduces NO CHANGE in functionality nor in basic logic; only the level of abstraction is increased. In particular all references to "cygwin_shared->ttys" have been removed, except from two functions in tty.cc.

In addition a new class, "tinfo", has been defined. For the moment it only includes a single member, which points to an element of cygwin_shared->tty.ttys, but it will eventually become richer. It is shamelessly inspired by pinfo.

To facilitate the review I would suggest starting with the change in dcrt0.cc to understand the logic. Significant edits are in tty.h, tty.cc and fhandler_tty.cc. The rest is minor.

I have run with those changes for 6 weeks, both on NT4 and WinME. The subsequent patches on this topic will be a lot smaller although they will contain real improvements.

Pierre

2003-12-16  Pierre Humblet <pierre.humblet@ieee.org>

	* fhandler.h: Include tty.h.
	(fhandler_termios::tc): Change type to tinfo.
	(fhandler_termios::get_ttyp): Adjust for new type of tc.
	(fhandler_tty_master::init): Add argument.
	* tty.h: Add _TTY_H guard.
	(tty_list::terminate): Delete.
	(tty_list::get_tty): Delete.
	(tty_list::allocate_tty): Change type and arguments.
	(tty_list::connect_tty): Ditto.
	(class tinfo): Create.
	(attach_tty): Delete declaration.
	(create_tty_master): Change argument type.
	* dcrt0.cc (do_exit): Use tinfo constructor instead of accessing cygwin_shared->tty directly.
	* exceptions.cc (ctrl_c_handler): Ditto.
	* fhandler_console.cc (tty_list::get_tty): Delete.
	* fhandler_termios.cc (fhandler_termios::tcinit): Adjust for new type of tc.
	* fhandler_tty.cc (fhandler_tty_master::init): Add argument. Use it instead of accessing cygwin_shared->tty directly.
	(fhandler_tty_slave::open): Use tinfo method to connect to tty.
	(fhandler_pty_master::open): Use tinfo method to attach to tty.
	(fhandler_pty_master::tcgetattr): Use get_ttyp () to access cygwin_shared->tty.
	(fhandler_pty_master::tcsetattr): Ditto.
	* termios.cc: Include cygwin/version.h before fhandler.h.
	* tty.cc (tty_init): Reorganize to use a tinfo constructor.
	(create_tty_master): Change argument type, use it appropriately and pass it to tty_master->init. Do not set myself->ctty.
	(attach_tty): Delete.
	(tty_terminate): Reorganize and merge with former tty_list::terminate. Call logwtmp().
	(tty_list::terminate): Delete.
	(tty_list::connect_tty): Change type, add argument and reorganize to access cygwin_shared->tty directly.
	(tty_list::allocate_tty): Change type, add argument, reorganize to access cygwin_shared->tty directly and pass argument to create_tty_master.

Attachment:
tty.diff
Description: Text document