handle protection - please comment

Corinna Vinschen vinschen@redhat.com
Wed Apr 18 03:05:00 GMT 2001


On Wed, Apr 18, 2001 at 10:54:06AM +1000, Robert Collins wrote:
> This is just a follow up to Egor's proposed server for handle control.
> 
> I have done some basic testing using 
> 
> DWORD sd_size = 4096;
> char sd_buf[4096];
> PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
> 
> psd = alloc_sd (getuid(), getgid(), cygheap->user.logsrv (), mode,
>           psd, &sd_size)
> 
> and then 
> 
> SECURITY_ATTRIBUTES sa;
> sa.nLength=sizeof(sa);
> sa.lpSecurityDescriptor=psd;
> sa.bInheritHandle= TRUE; //or FALSE as appropriate for the handle
> 
> 
> This gives you an custom security attributes structure the appropriate
> win32 style permissions to match the mode , user and group you passed to
> alloc_sd.
> 
> if psd is NULL, (ie running on win95) the OS will operate correctly.
> 
> 
> I'm currently building testcases for mutexs in shared memory, which is
> how I got onto this.
> 
> security wise, on win9x, there is no security, but there isn't anyway -
> any process can open any shared memory area and so forth (ie it doesn't
> matter how many layers of abstraction you put on it, someone with the
> source can iterate through all the publicly available structures).
> 
> On NT/2K, it should give exactly the desired permissions, no more, no
> less.

For that purpose there are two functions declared in security.h:

PSECURITY_ATTRIBUTES sec_user (PVOID sa_buf, PSID sid2 = NULL, BOOL inherit = TRUE);
PSECURITY_ATTRIBUTES sec_user_nih (PVOID sa_buf, PSID sid2 = NULL);

For the usage have a look into sigproc.cc, function `getsem' or
fork.cc, function `fork_parent'.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.



More information about the Cygwin-developers mailing list