This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [Patch] Fixing the PROCESS_DUP_HANDLE security hole.


On Thu, Nov 11, 2004 at 11:36:32PM -0500, Pierre A. Humblet wrote:
>At 11:24 PM 11/11/2004 -0500, Christopher Faylor wrote:
>>On Thu, Nov 11, 2004 at 10:48:57PM -0500, Pierre A. Humblet wrote:
>>>P.S.: I have no news about the recent patch to /bin/kill -f
>>
>>That is because I was sure that I'd used 'kill -f' to kill windows pids
>>in the past and wanted to check your patch.  I haven't been near a
>>WinMe system in a while, though.  My vmware version isn't working
>>currently.
>
>Funny, I had the same feeling. But this is what happens now:
>
>~: ps
>      PID    PPID    PGID     WINPID  TTY  UID    STIME COMMAND
>   606855       1  606855 4294360441  con  740 23:06:35 /c/PROGRAM
>FILES/CYGWIN/BIN/RXVT
>   537691  606855  537691 4294504569    0  740 23:06:36 /c/PROGRAM
>FILES/CYGWIN/BIN/BASH
>   460171  537691  460171 4294214685    0  740 23:24:07 /c/PROGRAM
>FILES/CYGWIN/BIN/PS
>~: /bin/kill -f 4294504569
>couldn't open pid 2147483647
>
>2147483647 = 0x7FFFFFFF, due to strtol saturating.

That's right.  I have seen that from time to time.

>I just researched the ChangeLog and found a possible cause:
>2003-09-20  Christopher Faylor  <cgf@redhat.com>
>
>        * kill.cc (main): Allow negative pids (indicates process groups).

If that is the cause then bypassing that code when -f is specified should
work.

But, nevertheless, go ahead and check in your patch.

Thanks.

cgf


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]