[Patch]: Fixing the PROCESS_DUP_HANDLE security hole (part 1).

Pierre A. Humblet pierre@phumblet.no-ip.org
Tue Dec 9 03:47:00 GMT 2003

At 10:28 PM 12/8/2003 -0500, Christopher Faylor wrote:
>On Mon, Dec 08, 2003 at 10:10:10PM -0500, Pierre A. Humblet wrote:
>>Either myself->set_ctty should be smarter, or fhandler_tty_slave::dup
>>could see if it's about the ctty and simply copy it.
>I stared at the set_ctty code a long time trying to understand why it
>went out of its way to do the ctty dance when there was already a ctty
>and eventually convinced myself that maybe it was necessary in some
>cases.  However, I can't see why it would ever be necessary to overwrite
>the saved ctty so I've checked in a patch that avoids that which, I guess,
>qualifies as making myself->set_ctty smarter.
>Does that solve the problem?

Yes, but now I see another one: open_fhs is off.
fhandler_tty_slave::close: decremented open_fhs -1


P.S. I thought you would have chosen to copy the ctty in dup.

More information about the Cygwin-patches mailing list