| www.delorie.com/archives/browse.cgi | search |
| Mailing-List: | contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm |
| List-Subscribe: | <mailto:cygwin-developers-subscribe AT sources DOT redhat DOT com> |
| List-Archive: | <http://sources.redhat.com/ml/cygwin-developers/> |
| List-Post: | <mailto:cygwin-developers AT sources DOT redhat DOT com> |
| List-Help: | <mailto:cygwin-developers-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs> |
| Sender: | cygwin-developers-owner AT sources DOT redhat DOT com |
| Delivered-To: | mailing list cygwin-developers AT sources DOT redhat DOT com |
| Date: | Wed, 28 Mar 2001 21:20:23 +0400 |
| From: | Egor Duda <deo AT logos-m DOT ru> |
| X-Mailer: | The Bat! (v1.45) Personal |
| Reply-To: | egor duda <cygwin-developers AT cygwin DOT com> |
| Organization: | DEO |
| X-Priority: | 3 (Normal) |
| Message-ID: | <4531563555.20010328212023@logos-m.ru> |
| To: | cygwin-developers AT cygwin DOT com |
| Subject: | security hole in tty handling code |
| Mime-Version: | 1.0 |
Hi! currently process owning master side of pty removes all security protections from itself to allow children duplicate tty pipe handles. i was feeling a bit- uneasy knowing that any user can call OpenProcess() for inetd daemon running under LocalSystem account and WriteProcessMemory() to it. so i've written a small program acting as server, which receives requests from cygwin process wanting to open slave side of tty, checks if client have needed permissions and duplicates pipe handles for it. patch sent to cygwin-patches. i realize that it's rather substantial change in cygwin architecture, but i think it's essential one if we want to make cygwin in multi-user environment. comments? egor. mailto:deo AT logos-m DOT ru icq 5165414 fidonet 2:5020/496.19
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |