This is the mail archive of the
cygwin-patches@cygwin.com
mailing list for the Cygwin project.
Re: Fixing a security hole in mount table.
- From: Christopher Faylor <cgf at redhat dot com>
- To: cygwin-patches at cygwin dot com
- Date: Mon, 8 Sep 2003 21:11:34 -0400
- Subject: Re: Fixing a security hole in mount table.
- References: <3.0.5.32.20030908204606.00816d10@incoming.verizon.net>
- Reply-to: cygwin-patches at cygwin dot com
On Mon, Sep 08, 2003 at 08:46:06PM -0400, Pierre A. Humblet wrote:
>This is the first in a series of patches fixing security holes
>associated with the file mappings in the core of Cygwin.
>I hope the explanations below are clear!
Yes they are, thanks. I can't comment on the security stuff but
everything else looks good to me. I'll let Corinna have the final
say on this.
I wonder if it is time to bite the bullet and get rid of user-mode
mounts entirely. Or maybe disallow them in suid'ed sessions? They
are always going to be a security hole AFAICT.
cgf