[Patch]: Fixing the PROCESS_DUP_HANDLE security hole (part 1).

Pierre A. Humblet pierre@phumblet.no-ip.org
Thu Nov 6 01:31:00 GMT 2003


This has been pending for a while. See also


At 09:55 PM 9/29/2003 -0400, Pierre A. Humblet wrote:
>Here is a patch that allows opening master ttys without giving
>full access to the process, at least for access to the ctty. 
>It works by snooping the ctty pipe handles and duplicating them
>on the cygheap, for use by future opens in descendant processes.
>It passes all the tests I tried, but considering my lack of knowledge
>about ttys, everything is possible.
>
>2003-09-29  Pierre Humblet <pierre.humblet@ieee.org>
>	* cygheap.h (class cygheap_ctty): Create.
>	(struct init_cygheap): Add inherited_ctty member.
>	* cygheap.cc: Include pinfo.h.
>	(cygheap_ctty::acquire): Create.
>	(cygheap_ctty::pass): Ditto.
>	(cygheap_ctty::close): Ditto.
>	* fhandler_tty.cc (fhandler_tty_slave::open): Call
>	cygheap->inherited_ctty.pass and cygheap->inherited_ctty.acquire.
>	* tty.cc (tty::common_init): Remove call to SetKernelObjectSecurity
>	and edit some comments.
>	* syscalls.cc (setsid): Call cygheap->inherited_ctty.close.
>Attachment Converted: "c:\Home\Pierre\Mail\attach\tty1.dif"
