[Patch]: Fixing the PROCESS_DUP_HANDLE security hole (part 1).

Pierre A. Humblet pierre@phumblet.no-ip.org
Thu Nov 6 01:31:00 GMT 2003


Ping? 

This has been pending for a while. See also
<http://cygwin.com/ml/cygwin-patches/2003-q4/msg00003.html>

Pierre

At 09:55 PM 9/29/2003 -0400, Pierre A. Humblet wrote:
>Here is a patch that allows opening master ttys without giving
>full access to the process, at least for access to the ctty. 
>
>It works by snooping the ctty pipe handles and duplicating them
>on the cygheap, for use by future opens in descendant processes.
>
>It passes all the tests I tried, but considering my lack of knowledge
>about ttys, everything is possible.
>
>Pierre
>
>
>2003-09-29  Pierre Humblet <pierre.humblet@ieee.org>
>
>	* cygheap.h (class cygheap_ctty): Create.
>	(struct init_cygheap): Add inherited_ctty member.
>	* cygheap.cc: Include pinfo.h.
>	(cygheap_ctty::acquire): Create.
>	(cygheap_ctty::pass): Ditto.
>	(cygheap_ctty::close): Ditto.
>	* fhandler_tty.cc (fhandler_tty_slave::open): Call
>	cygheap->inherited_ctty.pass and cygheap->inherited_ctty.acquire.
>	* tty.cc (tty::common_init): Remove call to SetKernelObjectSecurity
>	and edit some comments.
>	* syscalls.cc (setsid): Call cygheap->inherited_ctty.close.
>
>Attachment Converted: "c:\Home\Pierre\Mail\attach\tty1.dif"
>


