This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Part 2 of Fixing a security hole in mount table.

From: "Pierre A. Humblet" <pierre at phumblet dot no-ip dot org>
To: cygwin-patches at cygwin dot com
Date: Tue, 09 Sep 2003 23:54:26 -0400
Subject: Part 2 of Fixing a security hole in mount table.

This is the follow up on yesterday's patch.
There is no change in external behavior, just cleaning up.

The main innovation is the new function cygheap_user::init
that initializes the user name and sid just after the cygheap is
initialized. 
The information can then be used in user_shared_initialize and
need not be obtained again in internal_getlogin.

Pierre
 
2003-09-10  Pierre Humblet <pierre.humblet@ieee.org>

	* shared_info.h (shared_info::initialize): Remove argument.
	* cygheap.h (cygheap_user::init): New declaration.
	* uinfo.cc (cygheap_user::init): New.
	(internal_getlogin): Move functionality to cygheap_user::init.
	Open the process token to update the group sid.
	* shared.cc (user_shared_initialize): Get the user information
	from cygheap->user.
	(shared_info::initialize): Remove argument. Call cygheap->user.init
	instead of cygheap->user.set_name.
	(memory_init): Do not get the user name and do not pass it to
	shared_info::initialize.
	* registry.cc (get_registry_hive_path): Make csid a cygpsid.
	(load_registry_hive): Ditto.

Attachment: shared2.diff
Description: Text document

Follow-Ups:
- Re: Part 2 of Fixing a security hole in mount table.
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]