This is the mail archive of the
cygwin-patches@cygwin.com
mailing list for the Cygwin project.
Re: [Patch]: Fixing the PROCESS_DUP_HANDLE security hole (part 1).
- From: Christopher Faylor <cgf at redhat dot com>
- To: cygwin-patches at cygwin dot com
- Date: Sun, 7 Dec 2003 17:40:17 -0500
- Subject: Re: [Patch]: Fixing the PROCESS_DUP_HANDLE security hole (part 1).
- References: <3.0.5.32.20030929215525.0082c4f0@incoming.verizon.net>
- Reply-to: cygwin-patches at cygwin dot com

On Mon, Sep 29, 2003 at 09:55:25PM -0400, Pierre A. Humblet wrote:
>Here is a patch that allows opening master ttys without giving
>full access to the process, at least for access to the ctty.
>
>It works by snooping the ctty pipe handles and duplicating them
>on the cygheap, for use by future opens in descendant processes.
>
>It passes all the tests I tried, but considering my lack of knowledge
>about ttys, everything is possible.

I checked in a variation of this patch. It restructures the way
controlling tty is handled, making it a little easier to deal with
/dev/tty at the fhandler level. I suspect that eventually there will
be a fhandler_ctty class but, for now, this seems to work.

I'm not 100% certain that I got the close-on-exec stuff right but, fwiw,
it seems to work with the combination of ssh/zsh which is usually a
pretty tough test for this kind of thing. I did check to make sure that
access to a tty is now not allowed from a non-privileged account thanks
to the tty.cc change below.

Thanks for the patch and sorry for the delay.

cgf