Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-developers-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin-developers AT sources DOT redhat DOT com
Date: Wed, 28 Mar 2001 21:20:23 +0400
From: Egor Duda
X-Mailer: The Bat! (v1.45) Personal
Reply-To: egor duda
Organization: DEO
X-Priority: 3 (Normal)
Message-ID: <4531563555.20010328212023@logos-m.ru>
To: cygwin-developers AT cygwin DOT com
Subject: security hole in tty handling code
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi!

currently process owning master side of pty removes all security protections from itself to allow children to duplicate tty pipe handles. i was feeling a bit uneasy knowing that any user can call OpenProcess() for inetd daemon running under LocalSystem account and WriteProcessMemory() to it.

so i've written a small program acting as server, which receives requests from cygwin process wanting to open slave side of tty, checks if client has needed permissions and duplicates pipe handles for it. patch sent to cygwin-patches.

i realize that it's a rather substantial change in cygwin architecture, but i think it's an essential one if we want to make cygwin in multi-user environment.

comments?

egor.
mailto:deo AT logos-m DOT ru
icq 5165414
fidonet 2:5020/496.19