handle protection - please comment

egor duda deo@logos-m.ru
Wed Apr 18 11:59:00 GMT 2001


Hi!

Wednesday, 18 April, 2001 Corinna Vinschen vinschen@redhat.com wrote:

>> now look what /tmp/secret contains.

CV> I didn't test it but I assume it contains "Kaboom!". Hmm. I'm somewhat
CV> distressed about that result. So the secure way to get a handle to any
CV> shared object is by accessing it using names as suggested by Robert.
CV> This doesn't apply to parent/child relations, obviously.

yes. or via trusted server process running under administrator
account. i suppose PSTORES.EXE (MS' "Protected storage service") is
used for something like this.

RC>> The thing egor was talking about was child processes needing to read the
RC>> parent's open handles, and that programs that setuid are apparently
RC>> setting the perms to everyone, all to allow the child process with its
RC>> different uid to read the handles. He was proposing a server model,

CV> Wouldn't that problem (which originally was related to ttys) be resolved
CV> if the master cares for the duplication?

but slave may also care to not allow master to get into its address
space or read/write its files. yeah, it's slave, but that doesn't mean
it has no natural human (err, i mean process :-) ) rights.

Egor.            mailto:deo@logos-m.ru ICQ 5165414 FidoNet 2:5020/496.19



