[PATCH 4/6] forkables: Protect fork against dll-, exe-updates.

[Corinna Vinschen]

On Mar 30 21:12, Michael Haubenwallner wrote:
> On 03/30/2016 09:04 PM, Yaakov Selkowitz wrote:
> > On 2016-03-30 13:53, Michael Haubenwallner wrote:
> >> To support in-cygwin package managers, the fork() implementation must
> >> not rely on .exe and .dll files to stay in their original location, as
> >> the package manager's job is to replace these files.  Instead, we use
> >> the hardlinks to the original binaries in /var/run/cygfork/ to create
> >> the child process during fork, and let the main.exe.local file enable
> >> the "DotLocal Dll Redirection" feature for dlls.
> >>
> >> The (probably few) users that need an update-safe fork manually have to
> >> create the /var/run/cygfork/ directory for now, using:
> >> mkdir --mode=a=rwxt /var/run/cygfork
> > 
> > Have the security implications of this been considered?
> 
> Which security implications do you think of?
> 
> Removed but in-use binaries are available in the recycle bin anyway,
> and can manually be hardlinked to wherever one likes...

Permissions on the parent dirs and the files are always an issue...


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-patches/attachments/20160401/69c753a8/attachment.sig>