This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.
Re: [Patch] Fixing the PROCESS_DUP_HANDLE security hole.
At 01:03 PM 11/14/2004 -0500, Christopher Faylor wrote:
>On Sun, Nov 14, 2004 at 12:34:30PM -0500, Pierre A. Humblet wrote:
>>At 12:11 AM 11/14/2004 -0500, Christopher Faylor wrote:
>
>>BTW, have you ever tried using select, having a connection from the
>>parent to the child?
>
>select involves polling or setting up other events to track end-of-pipe
>conditions. I don't think that's a win.
I meant the Windows select, on sockets.
>>>When I get the code to a point that it can run configure, I'll do a
>>>benchmark and see how bad this technique is. If there is not a
>>>noticeable degradation, I think I'll probably duplicate the scenario of
>>>last year and check in this revamp which, I believe, will eliminate the
>>>security problem that you were talking about.
>>
>>There is also the case where a setuid child needs to signal its parent.
>>That's another use of my ppid_waitsig, avoiding the PROCESS_DUP_HANDLE
>>issue.
>>Could your "end of pid" pipe be used to transmit signals, with the reader
>>thread forwarding the sigpacket to the local sigthread?
>
>It could but that's not its intent. It's used now to transmit stop/continue
>state but if you need to send a signal from parent to child, I don't think
>it makes sense to relay it through this mechanism.
Then something else is needed. An advantage of the relay is that it could
allow only stop/continue to pass through. The ppid_waitsig lets all signals
go through.
Pierre