This is the mail archive of the mailing list for the Cygwin project.

Re: More security issues

On Wed, Feb 13, 2002 at 03:50:51PM -0500, Pierre A. Humblet wrote:
> Corinna,
> please forget my previous message for now.

No problem (I'm very busy currently).  Just a side note I forgot
in my previous posting.  The sec_user() call in CreateProcess()
was never intended to set the default DACL (I didn't even know
that something like that exists when I added that) but to set the
permissions to access the process.  If you're running processes
under different user accounts you can't kill processes of other
accounts if the SA is sec_all_nih.  This is unfortunately also true
for admins.  Even worse, admins can't stop processes running under
SYSTEM account (services).  Therefore, when using ntsec, the sec_user()
call should set an SD with explicit permissions for the process which
always should allow access for

  - the user
  - admin
  - system

and, if the process is started from a different user account under
setuid() conditions,

  - the original user of the starting process

When I implemented this, the fork/exec implementation was pretty
different from today.  As far as I remember, the code which copied
data from one process to the other needed access under the 2nd SID.
This could qualify for some code which could be pretty useless
today.  E.g. your observation that RevertToSelf() could be dropped,

Just if that's not clear, I'm really appreciating that you're
trying to get to the bottom of that code.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.
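
The process security descriptor described in the message above, sketched as an added example that is not part of the original mail and not Cygwin's own code: it builds the DACL as an SDDL string and, on Windows, turns it into the SECURITY_ATTRIBUTES passed as CreateProcess's lpProcessAttributes. The function names are hypothetical, and mapping "admin" and "system" to the SDDL aliases BA and SY and granting GENERIC_ALL (GA) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Append one access-allowed ACE granting GENERIC_ALL (GA) to `trustee`. */
static int add_ace(char *out, size_t n, const char *trustee)
{
    size_t used = strlen(out);
    int w = snprintf(out + used, n - used, "(A;;GA;;;%s)", trustee);
    return (w < 0 || (size_t)w >= n - used) ? -1 : 0;
}

/* Build "D:(...)" for the user, Administrators (BA), SYSTEM (SY) and, under
 * setuid() conditions, the original user of the starting process.
 * Returns 0, or -1 on a malformed SID or a buffer that is too small. */
int build_process_sddl(char *out, size_t n, const char *user_sid,
                       const char *orig_sid)
{
    if (!out || n < 3 || !user_sid || strncmp(user_sid, "S-1-", 4) != 0)
        return -1;
    if (orig_sid && strncmp(orig_sid, "S-1-", 4) != 0)
        return -1;
    strcpy(out, "D:");
    if (add_ace(out, n, user_sid) || add_ace(out, n, "BA") ||
        add_ace(out, n, "SY") ||
        /* Skip the extra ACE when the account did not change. */
        (orig_sid && strcmp(orig_sid, user_sid) != 0 &&
         add_ace(out, n, orig_sid))) {
        out[0] = '\0';            /* never leave a partial DACL behind */
        return -1;
    }
    return 0;
}

#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
/* Fill `sa` for CreateProcess's lpProcessAttributes; the caller releases
 * sa->lpSecurityDescriptor with LocalFree(). */
int process_sa_from_sddl(const char *sddl, SECURITY_ATTRIBUTES *sa)
{
    sa->nLength = sizeof *sa;
    sa->bInheritHandle = FALSE;
    return ConvertStringSecurityDescriptorToSecurityDescriptorA(
               sddl, SDDL_REVISION_1, &sa->lpSecurityDescriptor, NULL) ? 0 : -1;
}
#endif
```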
