Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Date: Fri, 8 Nov 2002 11:28:02 -0500
From: Christopher Faylor <cgf AT redhat DOT com>
To: cygwin-developers AT cygwin DOT com
Subject: Re: ntsec patch #4: passwd and group
Message-ID: <20021108162802.GA32143@redhat.com>
Reply-To: cygwin-developers AT cygwin DOT com
Mail-Followup-To: cygwin-developers AT cygwin DOT com
References: <3DCBD52C DOT A1F794FD AT ieee DOT org> <20021108171918 DOT P21920 AT cygbert DOT vinschen DOT de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021108171918.P21920@cygbert.vinschen.de>
User-Agent: Mutt/1.5.1i

On Fri, Nov 08, 2002 at 05:19:18PM +0100, Corinna Vinschen wrote:
>> 2) I thought that the passwd/group files where only
>>    read "for the first cygwin process that start up 
>>    on a given console", to use Chris' words in
>>    http://cygwin.com/ml/cygwin-patches/2002-q4/msg00024.html
>
>I discussed this with Chris in innumerable one-on-ones but we
>never found a satisfactory solution for keeping the data just
>once in memory.  I can't reiterate right away but every new
>idea had a flaw.  I'm still at times thinking about something 
>with shared memory but there are as usual security concerns.

Right.  I overstated things a little.  A newly execed process needs to
read /etc/passwd in some cases, iirc.  That's because the passwd info is
not in the cygheap.  I made some changes once to put the passwd info in
the cygheap so that all processes share the info but iirc it actually
slowed things down.

>>    In fact applications such as sshd would benefit from 
>>    rereading the files (if needed) *before* forks or execs,
>>    so that a single reread can serve all future children,
>>    but that approach does not help with thread issues.
>
>I don't think it's worth the effort.  The main reason is that
>changes to passwd and group files are so seldom...

I agree.  How often does /etc/passwd change?

cgf