Part 2 of Fixing a security hole in pinfo.

Pierre A. Humblet pierre@phumblet.no-ip.org
Tue Sep 16 01:03:00 GMT 2003


At 10:03 AM 9/15/2003 +0200, you wrote:
>On Sat, Sep 13, 2003 at 10:30:55PM -0400, Christopher Faylor wrote:
>> On Sat, Sep 13, 2003 at 10:07:42PM -0400, Pierre A. Humblet wrote:
>> >This is the second and final part of the pinfo security patch. 
>> 
>> Looks like a Corinna yea or nay on this one.
>
>The changes look good.  Please apply, Pierre.

Done

>FYI:
>
>What bugged me when reading the patch was my decision at one point to
>use the phrase "orig_sid".  The "orig_sid" is basically what is called
>a "saved id" in POSIX systems and I think it would help reading the
>code if we also rename orig_sid/orig_uid/orig_gid to saved_sid/saved_uid/
>saved_gid and using the phrase "saved" instead of "orig" or "original"
>throughout.

It's true that there are similarities, but there are also important
differences, so using the exact same name may be confusing. 
Not sure what to suggest, your original choice makes sense to me :)

There is also a change I'd like to make eventually: the original_sid
and the sid are cmalloc'ed. As they have a fixed size and every process
needs them, we might as well make them cygsid's in the user structure.
That would be safer and would simplify a few things.

Pierre



More information about the Cygwin-patches mailing list