This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Fixing a security hole in mount table.


On Mon, Sep 08, 2003 at 08:46:06PM -0400, Pierre A. Humblet wrote:
>This is the first in a series of patches fixing security holes
>associated with the file mappings in the core of Cygwin.
>I hope the explanations below are clear!

Yes they are, thanks.  I can't comment on the security stuff but
everything else looks good to me.  I'll let Corinna have the final
say on this.

I wonder if it is time to bite the bullet and get rid of user-mode
mounts entirely.  Or maybe disallow them in suid'ed sessions?  They
are always going to be a security hole AFAICT.

cgf


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]