This is the mail archive of the
cygwin-patches@cygwin.com
mailing list for the Cygwin project.
Re: [Patch]: Fixing the PROCESS_DUP_HANDLE security hole (part 1).
At 10:28 PM 12/8/2003 -0500, Christopher Faylor wrote:
>On Mon, Dec 08, 2003 at 10:10:10PM -0500, Pierre A. Humblet wrote:
>>Either myself->set_ctty should be smarter, or fhandler_tty_slave::dup
>>could see if it's about the ctty and simply copy it.
>
>I stared at the set_ctty code a long time trying to understand why it
>went out of its way to do the ctty dance when there was already a ctty
>and eventually convinced myself that maybe it was necessary in some
>cases. However, I can't see why it would ever be necessary to overwrite
>the saved ctty so I've checked in a patch that avoids that which, I guess,
>qualifies as making myself->set_ctty smarter.
>
>Does that solve the problem?
Yes, but now I see another one: open_fhs is off.
fhandler_tty_slave::close: decremented open_fhs -1
Pierre
P.S. I thought you would have chosen to copy the ctty in dup.