[Patch]: Create Global Privilege

Pierre A. Humblet pierre@phumblet.no-ip.org
Tue Dec 2 03:56:00 GMT 2003

Corinna Vinschen wrote:
>On Sun, Nov 30, 2003 at 12:07:22AM +0100, Corinna Vinschen wrote:
>> On Wed, Nov 26, 2003 at 10:45:57AM -0500, Pierre A. Humblet wrote:
>> > At 03:32 PM 11/26/2003 +0100, Corinna Vinschen wrote:
>> > >Imagine a sshd service is running on the system.  This service has the
>> > >SE_CREATE_GLOBAL_NAME privilege and would create the global object on
>> > >system startup (given the service is in automatic mode).  Other
>> > >would then be able to access the global object, regardless if running in
>> > >a terminal session or not.  This would keep the process list together,
>> > >for instance.
>> > [...]
>> > The problem with the track you start on is that one can end up with a
>> > split system, e.g. the cygwin share in global space and a tty in local
>> > space, invisible to the rest of the system. I am unsure of what can
>> > happen then. Also the user share could be either global or local,
>> > if a user (or a seteuid process) is already running at the
>> > at the moment a session starts under Terminal Services. 
>> > That leads to indeterminate behavior.
>> If we make sure that the first process started in a process hirarchy
>> determines where the shared mem is, that shouldn't be a problem.  The
>> decision should be made only once.
>I've applied the patch which just a minor change to remove the
>`if (!prefix)'.

>However, I think the right thing to do would be to add prefix to
>cygheap_init so that it survives exec(2) calls.

Great Corinna, putting prefix in the cygheap is exactly what I meant to do,
as discussed earlier in the thread. It wasn't in this patch only to keep
it simple.

Below is another small patch to lookup pinfo's in the global name space
when possible.

Also, the utmp/wtmp functions use mutexes to insure safe access.
That creates two problems, particularly on servers:
- When users have private copies of Cygwin with different mounts,
  there can be several utmp/wtmp files. Having a global mutex isn't
- If the utmp/wtmp files are unique, a user may not be have the
  privilege to create a global mutex, so that no mutual protection
  is achieved.
Both problems could be solved very simply by using file locking.
Should I do that some day?


2003-12-02  Pierre Humblet <pierre.humblet@ieee.org>

	* pinfo.cc (pinfo::init): Use shared_name to construct the mapname.

Index: pinfo.cc
RCS file: /cvs/src/src/winsup/cygwin/pinfo.cc,v
retrieving revision 1.92
diff -u -p -r1.92 pinfo.cc
--- pinfo.cc    28 Nov 2003 20:55:58 -0000      1.92
+++ pinfo.cc    2 Dec 2003 01:26:54 -0000
@@ -147,7 +147,7 @@ pinfo::init (pid_t n, DWORD flag, HANDLE
       int created;
       char mapname[CYG_MAX_PATH]; /* XXX Not a path */
-      __small_sprintf (mapname, "cygpid.%x", n);
+      shared_name (mapname, "cygpid", n);
       int mapsize;
       if (flag & PID_EXECED)

More information about the Cygwin-patches mailing list