[Patch]: Fixing the PROCESS_DUP_HANDLE security hole (part 1).
Pierre A. Humblet
Thu Nov 6 01:31:00 GMT 2003
This has been pending for a while. See also
At 09:55 PM 9/29/2003 -0400, Pierre A. Humblet wrote:
>Here is a patch that allows opening master ttys without giving
>full access to the process, at least for access to the ctty.
>It works by snooping the ctty pipe handles and duplicating them
>on the cygheap, for use by future opens in descendant processes.
>It passes all the tests I tried, but considering my lack of knowledge
>about ttys, everything is possible.
>2003-09-29 Pierre Humblet <email@example.com>
> * cygheap.h (class cygheap_ctty): Create.
> (struct init_cygheap): Add inherited_ctty member.
> * cygheap.cc: Include pinfo.h.
> (cygheap_ctty::acquire): Create.
> (cygheap_ctty::pass): Ditto.
> (cygheap_ctty::close): Ditto.
> * fhandler_tty.cc (fhandler_tty_slave::open): Call
> cygheap->inherited_ctty.pass and cygheap->inherited_ctty.acquire.
> * tty.cc (tty::common_init): Remove call to SetKernelObjectSecurity
> and edit some comments.
> * syscalls.cc (setsid): Call cygheap->inherited_ctty.close.
>Attachment Converted: "c:\Home\Pierre\Mail\attach\tty1.dif"