Resubmission of cygwin_daemon patch.
Robert Collins
robert.collins@syncretize.net
Sun Jun 23 07:01:00 GMT 2002
----- Original Message -----
From: "Conrad Scott" <Conrad.Scott@dsl.pipex.com>
To: "Robert Collins" <robert.collins@syncretize.net>
Cc: <cygwin-patches@cygwin.com>
Sent: Sunday, June 23, 2002 7:35 PM
> About instance detection: you're right that something better could be
> done here. What I've ended up with is really a security patch: it's
> possible for another process to create an instance of a named pipe,
> wait for clients to connect and then impersonate them.
It will always be possible to do that. Anyone can build the cygserver and
insert hostile code into their build. Code interception is a standard
technique for reverse engineering, runtime patching and the like.
In terms of preventing someone hostilely opening the same socket/pipe, I'd
have thought windows prevented multiple listening pipes with the same name.
Rob
More information about the Cygwin-patches
mailing list