Fixing a security hole in pinfo.

Pierre A. Humblet pierre@phumblet.no-ip.org
Thu Sep 11 15:23:00 GMT 2003


At 12:15 AM 9/11/2003 -0400, you wrote:
>On Thu, Sep 11, 2003 at 12:05:42AM -0400, Pierre A. Humblet wrote:
>>The flag PID_MAP_RW is added in the few pinfo constructors
>>that need to be write into _pinfo if it exists. 
>>[snip]
>>diff -u -p -r1.166 exceptions.cc
>>--- exceptions.cc	10 Sep 2003 17:26:12 -0000	1.166
>>+++ exceptions.cc	11 Sep 2003 03:40:57 -0000
>>@@ -610,7 +610,7 @@ sig_handle_tty_stop (int sig)
>>      its list of subprocesses.  */
>>   if (my_parent_is_alive ())
>>     {
>>-      pinfo parent (myself->ppid);
>>+      pinfo parent (myself->ppid, PID_MAP_RW);
>>       if (NOTSTATE (parent, PID_NOCLDSTOP))
>> 	sig_send (parent, SIGCHLD);
>>     }
>
>The above won't need to be RW when I check in my new signal changes.
>(Not that there won't be other inheritance type problems)

Yep, I kind of suspected that, but it's still needed now.
I count on your solution to solve the issue of seteuid'ed children.
In fact, does your solution ever write to a remote _pinfo? 
The PID_MAP_RW flag may have a very short life!
 
>I'm going to hold off on checking this in until 1.5.4 is released.

OK, I'd rather let it be tested for a few days.

Pierre

P.S.: Your announcement for 1.5.4 is OK as far as I am concerned.



More information about the Cygwin-patches mailing list