Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-developers-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin-developers AT sources DOT redhat DOT com
Date: Wed, 18 Apr 2001 22:57:01 +0400
From: egor duda
X-Mailer: The Bat! (v1.45) Personal
Reply-To: egor duda
Organization: deo
X-Priority: 3 (Normal)
Message-ID: <107356516774.20010418225701@logos-m.ru>
To: Corinna Vinschen
Subject: Re: handle protection - please comment
In-Reply-To: <20010418202943.O15005@cygbert.vinschen.de>
References: <20010418120530 DOT Q15962 AT cygbert DOT vinschen DOT de>
 <00a401c0c7f0$02bb1f30$0200a8c0 AT lifelesswks>
 <13327115627 DOT 20010418144700 AT logos-m DOT ru>
 <20010418155552 DOT S15962 AT cygbert DOT vinschen DOT de>
 <175340295909 DOT 20010418182640 AT logos-m DOT ru>
 <20010418164712 DOT J15005 AT cygbert DOT vinschen DOT de>
 <53342543912 DOT 20010418190408 AT logos-m DOT ru>
 <20010418173712 DOT N15005 AT cygbert DOT vinschen DOT de>
 <107348915634 DOT 20010418205020 AT logos-m DOT ru>
 <20010418202943 DOT O15005 AT cygbert DOT vinschen DOT de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi!

Wednesday, 18 April, 2001 Corinna Vinschen vinschen AT redhat DOT com wrote:

>> now look what /tmp/secret contains.

CV> I didn't test it but I assume it contains "Kaboom!". Hmm. I'm somewhat
CV> distressed about that result. So the secure way to get a handle to any
CV> shared object is by accessing it using names as suggested by Robert.
CV> This doesn't apply to parent/child relations, obviously.

yes. or via trusted server process running under administrator
account. i suppose PSTORES.EXE (MS' "Protected storage service") is
used for something like this.

RC>> The thing egor was talking about was child processes needing to read the
RC>> parent's open handles, and that programs that setuid are apparently
RC>> setting the perms to everyone, all to allow the child process with its
RC>> different uid to read the handles. He was proposing a server model,

CV> Wouldn't that problem (which originally was related to ttys) be resolved
CV> if the master cares for the duplication?

but slave may also care to not allow master to get into its address
space or read/write its files. yeah, it's slave, but that doesn't mean
it has no natural human (err, i mean process :-) ) rights.

Egor.
mailto:deo AT logos-m DOT ru
ICQ 5165414
FidoNet 2:5020/496.19