This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Patch]: ciresrv.parent


Now that 1.5.7 is out I am continuing to look at security issues
in the Cygwin core. I can refresh the tty patch of mid December
on demand.

Meanwhile here is a very straightforward patch involving only
deletions.

ciresrv.parent is a handle to the parent process for fork 
and spawn fixups. It has the DUPLICATE_HANDLE security risk.
Fortunately it is never used in the case of spawn: all handles are
inherited, or the parent does the work (sockets). 
In the case of fork there is no security issue.

This initial patch simply removes the creation and closing of the handle.
If no trouble develop (I have been running for several weeks), a second
patch will remove the unused parent argument in the numerous 
fixup_after_exec calls.

Pierre

2004-01-31  Pierre Humblet <pierre.humblet@ieee.org>

	* spawn.cc (spawn_guts): Do not set ciresrv.parent.
	* child_info.h (~child_info_spawn): Do not close parent.
	Update CURR_CHILD_INFO_MAGIC.
	* dcrt0.cc (dll_crt0_0): Do not close spawn_info->parent.
	Pass NULL to cygheap->fdtab.fixup_after_exec().

Attachment: parent.diff
Description: Text document


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]