www.delorie.com/archives/browse.cgi | search |
Mailing-List: | contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm |
List-Subscribe: | <mailto:cygwin-developers-subscribe AT sources DOT redhat DOT com> |
List-Archive: | <http://sources.redhat.com/ml/cygwin-developers/> |
List-Post: | <mailto:cygwin-developers AT sources DOT redhat DOT com> |
List-Help: | <mailto:cygwin-developers-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs> |
Sender: | cygwin-developers-owner AT sources DOT redhat DOT com |
Delivered-To: | mailing list cygwin-developers AT sources DOT redhat DOT com |
MIME-Version: | 1.0 |
Subject: | handle protection - please comment |
X-MimeOLE: | Produced By Microsoft Exchange V6.0.4417.0 |
content-class: | urn:content-classes:message |
Date: | Wed, 18 Apr 2001 10:54:06 +1000 |
Message-ID: | <EA18B9FA0FE4194AA2B4CDB91F73C0EF79C2@itdomain002.itdomain.net.au> |
Thread-Topic: | handle protection - please comment |
Thread-Index: | AcDHohHDfU+ilAThQiud4BodeY3jfA== |
From: | "Robert Collins" <robert DOT collins AT itdomain DOT com DOT au> |
To: | <cygwin-developers AT cygwin DOT com> |
X-MIME-Autoconverted: | from quoted-printable to 8bit by delorie.com id VAA25007 |
This is just a follow up to Egor's proposed server for handle control. I have done some basic testing using DWORD sd_size = 4096; char sd_buf[4096]; PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf; psd = alloc_sd (getuid(), getgid(), cygheap->user.logsrv (), mode, psd, &sd_size) and then SECURITY_ATTRIBUTES sa; sa.nLength=sizeof(sa); sa.lpSecurityDescriptor=psd; sa.bInheritHandle= TRUE; //or FALSE as appropriate for the handle This gives you an custom security attributes structure the appropriate win32 style permissions to match the mode , user and group you passed to alloc_sd. if psd is NULL, (ie running on win95) the OS will operate correctly. I'm currently building testcases for mutexs in shared memory, which is how I got onto this. security wise, on win9x, there is no security, but there isn't anyway - any process can open any shared memory area and so forth (ie it doesn't matter how many layers of abstraction you put on it, someone with the source can iterate through all the publicly available structures). On NT/2K, it should give exactly the desired permissions, no more, no less. Rob
webmaster | delorie software privacy |
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |