handle protection - please comment

Robert Collins robert.collins@itdomain.com.au
Wed Apr 18 03:11:00 GMT 2001

----- Original Message -----
From: "Corinna Vinschen" <vinschen@redhat.com>
To: <cygwin-developers@cygwin.com>
Sent: Wednesday, April 18, 2001 8:05 PM
Subject: Re: handle protection - please comment

> On Wed, Apr 18, 2001 at 10:54:06AM +1000, Robert Collins wrote:
> > This is just a follow up to Egor's proposed server for handle
> >

> > On NT/2K, it should give exactly the desired permissions, no more,
> > less.
> For that purpose there are two functions declared in security.h:
inherit = TRUE);
> PSECURITY_ATTRIBUTES sec_user_nih (PVOID sa_buf, PSID sid2 = NULL);
> For the usage have a look into sigproc.cc, function `getsem' or
> fork.cc, function `fork_parent'.
> Corinna

The problem with them is that they don't provide any granularity. Using
alloc_sd, we can specify the access appropriately for each object. I.E.
shmget takes a flags parameter that includes a file mode (ie 0666). How
do we get an NT security descriptor for 0666 to pass to
CreateFileMapping for instance?

The thing egor as talking about was child process's needing to read the
parents open handles, and that programs than setuid are apparently
setting the perms to everyone, all to allow the child process with it's
different uid to read the handles. He was proposing a server model,
which I don't like because
a) it adds complexity and overhead
b) I don't believe _we_ should be doing the access checking, we should
be passing that back to NT to do.


More information about the Cygwin-developers mailing list