This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.
Re: Fixing the PROCESS_DUP_HANDLE security hole.
On Sat, Sep 27, 2003 at 07:13:07PM -0400, Pierre A. Humblet wrote:
>There is an accurate comment: /* Allow the others to open us (for handle duplication) */
>The proposed patch is avoiding the need for that.
>
>>>b) proc_subproc:
>>> if (!DuplicateHandle (hMainProc, hMainProc, vchild->hProcess, &vchild->ppid_handle,
>>> 0, TRUE, DUPLICATE_SAME_ACCESS)
>>>should be changed to give no access rights to the duplicated handle.
>>>This will still allow to check if the parent is alive, but not to signal it nor
>>>to reparent.
>>
>>Have you verified this on all platforms? I don't think you can assume
>>that ppid_handle will work correctly in a Wait* function if it is duplicated
>>with no special access.
>
>Absolutely correct, SYNCHRONIZE is needed.
Somehow I seem to remember that didn't work (even though I can't imagine
why) but I wasn't clever enough to document why. I guess it can't hurt
to try it, advertise a snapshot, and ask for feedback.
cgf