problem with readonly pinfo?
Pierre A. Humblet
Pierre.Humblet@ieee.org
Wed Sep 17 00:55:00 GMT 2003
At 08:42 PM 9/16/2003 -0400, Christopher Faylor wrote:
>If I as a process group leader fork/exec a process, it doesn't seem like
>there's any way to distribute signals to the suid'ed subprocess since
>the shared memory region (or eventually pipe) for the subprocess will be
>inaccessible.
>
>Is there a way to play around with the security descriptor to fake process
>groups? Also, isn't the owner of a process always allowed to send the
process
>a control-C even if the owner is different than the uid of the process being
>run?
The way I have written the security attributes, the subprocess
pinfo is accessible both by Admins (always) and by the sid of the
parent.
The Admins will propagate for all future generations, but not
the sid of the parent.
In the rare case where the setuid'ing process is not in Admins,
we should find a way to propagate its sid to its descendants,
while they remain in its group.
I don't know a way to give permissions to the process group leader
without giving permission to all processeses run by the same user.
But that's not a security issue.
Pierre
More information about the Cygwin-developers
mailing list