This is the mail archive of the cygwin-patches mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH 4/6] forkables: Protect fork against dll-, exe-updates.

From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
To: cygwin-patches at cygwin dot com
Date: Wed, 30 Mar 2016 14:04:13 -0500
Subject: Re: [PATCH 4/6] forkables: Protect fork against dll-, exe-updates.
Authentication-results: sourceware.org; auth=none
References: <1459364024-24891-1-git-send-email-michael dot haubenwallner at ssi-schaefer dot com> <1459364024-24891-5-git-send-email-michael dot haubenwallner at ssi-schaefer dot com>

On 2016-03-30 13:53, Michael Haubenwallner wrote:

To support in-cygwin package managers, the fork() implementation must
not rely on .exe and .dll files to stay in their original location, as
the package manager's job is to replace these files.  Instead, we use
the hardlinks to the original binaries in /var/run/cygfork/ to create
the child process during fork, and let the main.exe.local file enable
the "DotLocal Dll Redirection" feature for dlls.

The (probably few) users that need an update-safe fork manually have to
create the /var/run/cygfork/ directory for now, using:
mkdir --mode=a=rwxt /var/run/cygfork


Have the security implications of this been considered?

--
Yaakov

Follow-Ups:
- Re: [PATCH 4/6] forkables: Protect fork against dll-, exe-updates.
  - From: Michael Haubenwallner

References:
- [PATCH 0/6] Protect fork() against dll- and exe-updates.
  - From: Michael Haubenwallner
- [PATCH 4/6] forkables: Protect fork against dll-, exe-updates.
  - From: Michael Haubenwallner

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]