Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-developers-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin-developers AT sources DOT redhat DOT com Message-ID: <00c001c0b7ce$260631a0$0200a8c0@lifelesswks> From: "Robert Collins" To: "egor duda" References: <4531563555 DOT 20010328212023 AT logos-m DOT ru> Subject: Re: security hole in tty handling code Date: Thu, 29 Mar 2001 07:29:17 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-OriginalArrivalTime: 28 Mar 2001 21:24:05.0816 (UTC) FILETIME=[6B06CB80:01C0B7CD] Why not just set the permissions and let the client calls fail if they aren't from the same user? I've heard that "server" based solutions like you've put toghether usually fail in terminal server environments... Rob ----- Original Message ----- From: "Egor Duda" To: Sent: Thursday, March 29, 2001 3:20 AM Subject: security hole in tty handling code > Hi! > > currently process owning master side of pty removes all security > protections from itself to allow children duplicate tty pipe handles. > i was feeling a bit- uneasy knowing that any user can call > OpenProcess() for inetd daemon running under LocalSystem account and > WriteProcessMemory() to it. > > so i've written a small program acting as server, which receives > requests from cygwin process wanting to open slave side of tty, checks > if client have needed permissions and duplicates pipe handles for it. > patch sent to cygwin-patches. > > i realize that it's rather substantial change in cygwin > architecture, but i think it's essential one if we want to make cygwin > in multi-user environment. > > comments? > > egor. mailto:deo AT logos-m DOT ru icq 5165414 fidonet 2:5020/496.19 > > >