This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.



RE: Fixing the delete queue security


You are a *God*, Pierre. ;-)

-- 
Gary R. Van Sickle
Brewer.  Patriot. 


> Cygwin uses a "delete queue" in a shared file mapping to hold
> the names of files that could not be deleted on unlink, usually
> because they were still opened. The queue is scanned by all
> processes so that the files eventually get deleted after they 
> are closed.
> 
> Because Everyone has write access to the file mapping, any user
> can add names to the delete queue, and thus any user can trick
> other processes into deleting any and all files on a PC where a cygwin 
> daemon is running as SYSTEM.
> 
> The solution is simple: create per user delete queues. They are
> placed in the same mapping as the mount table. So the change
> is extremely straightforward. The length of the change log comes
> from renaming many variables to have names reflect functions.
> 
> There will be a follow-up patch with the following cleanup:
> remove now unneeded fields from the mount_info and shared_info and 
> run the "magic" on the new/modified structures.
> 
> Pierre
> 
> 
> 2003-09-15  Pierre Humblet <pierre.humblet@ieee.org>
> 
> 	* shared_info.h (class user_info): New.
> 	(cygwin_user_h): New.
> 	(user_shared): New.
> 	(enum shared_locations): Replace SH_MOUNT_TABLE by SH_USER_SHARED;
> 	(mount_table): Change from variable to macro.
> 	* shared.cc: Use sizeof(user_info) in "offsets".
> 	(user_shared_initialize): Add "reinit" argument to indicate need
> 	to reinitialize the mapping. Replace "mount_table" by "user_shared"
> 	throughout. Call user_shared->mountinfo.init and 
> 	user_shared->delqueue.init.
> 	(shared_info::initialize): Do not call delqueue.init.
> 	(memory_init): Add argument to user_shared_initialize.
> 	* child_info.h (child_info::mount_h): Delete. 
> 	(child_info::user_h): New.	
> 	* sigpproc.cc (init_child_info): Use user_h instead of mount_h.
> 	* dcrt0.cc (_dll_crt0): Ditto.
> 	* fhandler_disk_file.cc (fhandler_disk_file::close): Use 
> 	user_shared->delqueue instead of cygwin_shared->delqueue.
> 	* fhandler_virtual.cc (fhandler_virtual::close): Ditto.
> 	* syscalls.cc (close_all_files): Ditto.
> 	(unlink): Ditto.
> 	(seteuid32): Add argument to user_shared_initialize.
> 
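To make the trust-boundary problem in the quoted description concrete, here is an added model in C (not Cygwin's code): a single Everyone-writable delete queue whose drainer cannot tell who queued an entry, beside a per-user layout in which an assumed `owner` field stands in for the ACL on the per-user mapping. The structure layout, sizes and uid values are constructed for the model and are not taken from the Cygwin sources.

```c
#include <stdbool.h>
#include <string.h>
#define MAX_USERS 4
#define MAX_DELQUEUE 8
#define MAX_NAME 64

/* Simplified delete queue: slots holding names of files still to be unlinked. */
struct delqueue { bool inuse[MAX_DELQUEUE]; char name[MAX_DELQUEUE][MAX_NAME]; };

/* Queue a name; false when the queue is full or the name does not fit. */
static bool delqueue_add(struct delqueue *q, const char *path)
{
    if (strlen(path) >= MAX_NAME) return false;
    for (int i = 0; i < MAX_DELQUEUE; i++)
        if (!q->inuse[i]) { strcpy(q->name[i], path); q->inuse[i] = true; return true; }
    return false;
}
/* Drain: the calling process unlinks (here: forgets) every queued name with its
 * own privileges. Returns how many entries it acted on. */
static int delqueue_drain(struct delqueue *q)
{
    int n = 0;
    for (int i = 0; i < MAX_DELQUEUE; i++)
        if (q->inuse[i]) { q->inuse[i] = false; n++; }
    return n;
}

/* Old layout: one queue in a mapping writable by Everyone. The drainer cannot
 * tell who queued an entry, so a SYSTEM process acts on any user's entries. */
static struct delqueue global_delqueue;

/* New layout, after the patch's user_info: one area per user. `owner` stands in
 * for the mapping's ACL, which lets only that user open the area for writing. */
struct user_shared { bool mapped; unsigned owner; struct delqueue delqueue; };
static struct user_shared user_areas[MAX_USERS];

static struct user_shared *user_shared_open(unsigned caller, unsigned owner)
{
    if (caller != owner) return NULL;       /* modelled ACL check: others are denied */
    for (int i = 0; i < MAX_USERS; i++) {
        if (user_areas[i].mapped && user_areas[i].owner == owner) return &user_areas[i];
        if (!user_areas[i].mapped) {        /* first use by this user: create the area */
            user_areas[i].mapped = true;
            user_areas[i].owner = owner;
            return &user_areas[i];
        }
    }
    return NULL;                            /* no free slot */
}
```

With the old layout any caller's entry is drained by whichever process runs next, including one running as SYSTEM; with the per-user layout a process only ever sees the queue of the user it can open, so entries are deleted with no more rights than the user who queued them.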

