Fixing a security hole in mount table.

Pierre A. Humblet pierre@phumblet.no-ip.org
Tue Sep 9 04:15:00 GMT 2003


At 09:11 PM 9/8/2003 -0400, you wrote:
>On Mon, Sep 08, 2003 at 08:46:06PM -0400, Pierre A. Humblet wrote:
>>This is the first in a series of patches fixing security holes
>>associated with the file mappings in the core of Cygwin.
>>I hope the explanations below are clear!
>
>Yes they are, thanks.  I can't comment on the security stuff but
>everything else looks good to me.  I'll let Corinna have the final
>say on this.
>
>I wonder if it is time to bite the bullet and get rid of user-mode
>mounts entirely.  Or maybe disallow them in suid'ed sessions?  They
>are always going to be a security hole AFAICT.

Yep, the same thought has crossed my mind. However, I now believe
that with the patch the user mounts do not pose a security issue.
And they are really useful!
 
If we keep accessing HKCU as we do now, we should make a note in the
doc (mount man page?) that SYSTEM uses the user mounts of .Default.
This could be a source of hard-to-explain behavior.

Pierre


