This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [Patch] Fixing the PROCESS_DUP_HANDLE security hole.


On Sat, Nov 20, 2004 at 01:23:39AM -0500, Christopher Faylor wrote:
>On Tue, Nov 16, 2004 at 10:56:40AM -0500, Christopher Faylor wrote:
>>The simplification of the code from removing all of the reparenting
>>considerations is not something that I'm going to give up on easily.
>
>Well, the code seems to be slightly faster now than the old method, so
>that's something.  I think it's also a lot simpler.

I've checked in my revamp of the exec/wait code.  There are still some
other ways to do what I did and maybe I'll experiment with using
multiple threads running WaitForMultipleObjects, but, for now, cygwin is
using the one thread per process technique.

AFAIK, the only problem with the current code is if a parent process
forks a process, calls setuid, and execs a non-cygwin process it is
possible that the parent process won't be able to retrieve the exit
value of the non-cygwin process.

Right now, my reaction to this crucial shortcoming is "oh well" but
if it actually proves to be a problem, I know how to deal with it.

This was a major change but, if wc and ls are to believed, the net
result is a reduction in size of the dll.  I don't detect any change in
behavior as far as timings are concerned but I still need to check
things on a single processor CPU.

cgf


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]