This is the mail archive of the cygwin-patches mailing list for the Cygwin project.



Re: [PATCH 4/6] forkables: Protect fork against dll-, exe-updates.


On 03/30/2016 09:04 PM, Yaakov Selkowitz wrote:
> On 2016-03-30 13:53, Michael Haubenwallner wrote:
>> To support in-cygwin package managers, the fork() implementation must
>> not rely on .exe and .dll files to stay in their original location, as
>> the package manager's job is to replace these files.  Instead, we use
>> the hardlinks to the original binaries in /var/run/cygfork/ to create
>> the child process during fork, and let the main.exe.local file enable
>> the "DotLocal Dll Redirection" feature for dlls.
>>
>> The (probably few) users that need an update-safe fork manually have to
>> create the /var/run/cygfork/ directory for now, using:
>> mkdir --mode=a=rwxt /var/run/cygfork
> 
> Have the security implications of this been considered?

Which security implications do you think of?

Removed but in-use binaries are available in the recycle bin anyway,
and can manually be hardlinked to wherever one likes...

/haubi/

