This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.



Security patches


Hello Corinna,

Attached are 7 diff files, implementing changes discussed
last weekend, with two differences:

1) I kept spawn.cc almost intact. I had not considered
the possibility of an outside token (from old applications).
Also RevertToSelf() is and will remain needed.

2) When a call is made to cygheap->user.sid() in __sec_user(),
after seteuid() has been called, it returns the NEW sid,
which is the same as sid2. Thus the new sid is put twice 
in the acl, and the old user is NOT put in.
That's a problem when the old user is not in admins.
I have replaced the call to cygheap->user.sid() by a new func
sec_process_sid(), which looks up the user sid from the process
token. This is a cumbersome method to get a simple thing. 
There are better ways. The process sid could be in cygheap 
(it changes rarely), or there could be a NOCOPY variable 
hMainToken (set in dcrt0.c) to make it easy to access the 
process token (it's opened and closed quite often in a number
of places). Either can be added later. I prefer the second 
method.

Changelog entries appear below, I hope the format is OK.
Does RedHat have my copyright assignment after all?
As usual, feel free to improve.

Pierre

2002-03-08  Pierre Humblet <pierre.humblet@ieee.org>
	
	* spawn.cc (spawn_guts): Move call to set_process_privilege()
	to load_registry_hive().
	* registry.cc (load_registry_hive): ditto.

	* fork.cc (fork_parent): Call sec_user_nih() only once.

	* shared.cc (sec_process_sid): Create.
	(sec_acl): Create from part of __sec_user(), except creator/owner.
	(__sec_user): Split into sec_acl(). Call sec_process_sid()
	instead of cygheap->user.sid().
	* security.h: Define new functions above and MAX_DACL_LEN.

	* syscalls.cc (setegid): Reverse change from 2002-01-21. Also
	call RevertToSelf and set primary group in impersonation token.

	* syscalls.cc (seteuid): Set default dacl in process token.
	Replace in-line code by call to verify_token().
	* security.cc (create_token): Store pgrpsid in security descriptor,
	except if it already appears in my_grps. Use sec_acl() in place
	of get_dacl().
	(verify_token): Create from code in seteuid(), with tighter checks.
	(get_dacl): Deleted.
	(get_group_sidlist): Add argument to indicate if pgrpsid is already
	in the groups.
	* autoload.cc: Load GetKernelObjectSecurity().

Attachment: syscalls.cc.diff
Description: Text document

Attachment: fork.cc.diff
Description: Text document

Attachment: security.cc.diff
Description: Text document

Attachment: security.h.diff
Description: Text document

Attachment: shared.cc.diff
Description: Text document

Attachment: spawn.cc.diff
Description: Text document

Attachment: autoload.cc.diff
Description: Text document

