This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.



Re: Fixing the PROCESS_DUP_HANDLE security hole.


On Sat, Sep 27, 2003 at 07:13:07PM -0400, Pierre A. Humblet wrote:
>There is an accurate comment: /* Allow the others to open us (for handle duplication) */
>The proposed patch is avoiding the need for that.
> 
>>>b) proc_subproc:
>>>      if (!DuplicateHandle (hMainProc, hMainProc, vchild->hProcess, &vchild->ppid_handle,
>>>		0, TRUE, DUPLICATE_SAME_ACCESS)
>>>should be changed to give no access rights to the duplicated handle.
>>>This will still allow to check if the parent is alive, but not to signal it nor
>>>to reparent.
>>
>>Have you verified this on all platforms?  I don't think you can assume
>>that ppid_handle will work correctly in a Wait* function if it is duplicated
>>with no special access.  
>
>Absolutely correct, SYNCHRONIZE is needed.

Somehow I seem to remember that didn't work (even though I can't imagine
why) but I wasn't clever enough to document why.  I guess it can't hurt
to try it, advertise a snapshot, and ask for feedback.

cgf
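
Added example, not part of the original message or of Cygwin's code: a self-test of the point discussed above, that a process handle duplicated with only SYNCHRONIZE can still be waited on but cannot serve as the source process for DuplicateHandle. The function names are hypothetical, and the duplicate is created in the current process rather than in a child, so the check runs stand-alone; the Win32 part builds only on Windows.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Values from winnt.h, repeated so the mask logic builds off Windows. */
#define SYNCHRONIZE        0x00100000u
#define PROCESS_DUP_HANDLE 0x0040u
#endif

/* Rights for the handle a child gets to its parent: waiting only. */
uint32_t ppid_handle_rights(void) { return SYNCHRONIZE; }

/* An operation is permitted only if every right it needs was granted. */
int rights_permit(uint32_t granted, uint32_t needed) {
    return (granted & needed) == needed;
}

#ifdef _WIN32
/* Self-test: 0 = handle can be waited on but not used for duplication. */
int check_reduced_handle(void) {
    HANDLE self = GetCurrentProcess();      /* pseudo-handle, full access */
    HANDLE ppid = NULL, leaked = NULL;
    int rc = 0;
    /* Target is this process (assumption); proc_subproc targets the child. */
    if (!DuplicateHandle(self, self, self, &ppid, ppid_handle_rights(), TRUE, 0))
        return 1;
    /* A live process is unsignaled, so a zero-timeout wait must time out. */
    if (WaitForSingleObject(ppid, 0) != WAIT_TIMEOUT)
        rc = 2;
    /* As a source process the handle needs PROCESS_DUP_HANDLE: must fail. */
    else if (DuplicateHandle(ppid, self, self, &leaked, 0, FALSE, DUPLICATE_SAME_ACCESS)) {
        CloseHandle(leaked);
        rc = 3;
    } else if (GetLastError() != ERROR_ACCESS_DENIED)
        rc = 4;
    CloseHandle(ppid);
    return rc;
}
#endif

int main(void) {
    uint32_t r = ppid_handle_rights();
    printf("wait allowed: %d, duplication allowed: %d\n",
           rights_permit(r, SYNCHRONIZE), rights_permit(r, PROCESS_DUP_HANDLE));
#ifdef _WIN32
    printf("check_reduced_handle() = %d\n", check_reduced_handle());
#endif
    return 0;
}
```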

