This is the mail archive of the cygwin-developers mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Request for help debugging screen problem

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin-developers at cygwin dot com
Date: Sun, 7 Feb 2010 16:21:22 +0100
Subject: Re: Request for help debugging screen problem
References: <20100205145154.GP28659@calimero.vinschen.de> <20100205150038.GE28366@ednor.casa.cgf.cx> <20100205152826.GQ28659@calimero.vinschen.de> <20100205153212.GF28366@ednor.casa.cgf.cx> <20100205154621.GS28659@calimero.vinschen.de> <4B6C461A.6050506@shaddybaddah.name> <20100205163801.GW28659@calimero.vinschen.de> <4B6C4BD0.4000805@shaddybaddah.name> <20100206105933.GZ28659@calimero.vinschen.de> <4B6EC7AA.7050809@shaddybaddah.name>
Reply-to: cygwin-developers at cygwin dot com

On Feb  7 14:01, Shaddy Baddah wrote:
> On 6/02/2010 10:59 AM, Corinna Vinschen wrote:
> >It's Session Isolation.
> >
> >Up to Windows 2003, the desktop and the services are running in the same
> >session 0.  Starting with Windows Vista, only the service processes are
> >still running in session 0, while all other sessions including the local
> >desktop are running in other sessions.  Non-admin users and restricted
> >(not-elevated) admin users have no right to penetrate the session
> >barrier.  That's the reason the OpenProcess fails with
> >ERROR_ACCESS_DENIED.
> >
> >However, this shouldn't be the case for cygrunsrv if it's running in
> >session 0 under the SYSTEM account.  The system user should have
> >permission to break the session barrier.  What problem occurs in
> >cygrunsrv exactly when it's running?
> >[...]
> 
> I'm sorry, I have abandoned inspect what the issue with cygserver is
> because I've realised what the real situation is. int
> fhandler_tty_slave::open (int, mode_t) needs to call OpenProcess
> with PROCESS_DUP_HANDLE on the tty master process. When logged in
> via ssh, this is the dedicated sshd process still owned by
> cyg_server.

Huh?  That's not how you explained the situation originally.  IIUYC, the
situation is that a desktop user created a screen session and then the
same user trying to connect to the screen session from a ssh session
gets a permission denied.  In that case, the screen application is the
pty master and when trying to connect from the ssh session, it has to
open the screen process.

> Using ProcExplorer, I see that the regular Users grouped user
> (shaddy account actually) does not have any permissions to this
> process. The (full) permissions are only for:
> 
> SYSTEM
> cyg_server
> Administrators
> 
> Is this due to a recent security change (I vaguely recall some
> mailing list discussion around something close to this)? Is this the
> reason for the cygserver alternative?

No, the cygserver alternative was discussed to workaround a security
problem due to the OpenProcess.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Follow-Ups:
- Re: Request for help debugging screen problem
  - From: Shaddy Baddah

References:
- Re: Request for help debugging screen problem
  - From: Corinna Vinschen
- Re: Request for help debugging screen problem
  - From: Christopher Faylor
- Re: Request for help debugging screen problem
  - From: Corinna Vinschen
- Re: Request for help debugging screen problem
  - From: Christopher Faylor
- Re: Request for help debugging screen problem
  - From: Corinna Vinschen
- Re: Request for help debugging screen problem
  - From: Shaddy Baddah
- Re: Request for help debugging screen problem
  - From: Corinna Vinschen
- Re: Request for help debugging screen problem
  - From: Shaddy Baddah
- Re: Request for help debugging screen problem
  - From: Corinna Vinschen
- Re: Request for help debugging screen problem
  - From: Shaddy Baddah

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]