This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.



Re: [Patch] Fixing the PROCESS_DUP_HANDLE security hole.



"Pierre A. Humblet" wrote:
> 
> "Pierre A. Humblet" wrote:
> >
> > When running try_spawn with the snapshot, during the sleep period
> > ps reports
> >
> >       690     443     690        232    0 11054 10:32:21 <defunct>
> >       464     690     690        464    0 11054 10:32:21 /c/WINNT/system32/notepad
> 
> FWIW, I was thinking about this during lunch.
> The basic issue is that the pipe to the parent is not closed in the spawned
> Windows process. One way out is to make the pipe non-inheritable and
> duplicate it either in the parent (fork and spawn, except detach)
> or in the child (exec). Now that subproc_ready is back, it doesn't matter
> that an exec'ed Windows process does not duplicate the pipe.

Actually, the parent is supposed to disappear anyway in the case of
an exec. So it could make the pipe inheritable just before the exec.
In multithreaded programs, other threads should be forbidden to
fork and spawn once a thread has called exec.

Pierre
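
The leak discussed in this thread, shown as an added example that is not part of the original message or of Cygwin's code: a POSIX analogue in which a pipe's write end is either left inheritable or marked close-on-exec before a non-cooperating program is started. The function name `pipe_leaks_into_child`, the use of `sleep` as the spawned program and the 500 ms timeout are assumptions made for the illustration; Cygwin itself works with Windows handle inheritance rather than `FD_CLOEXEC`.

```c
#include <fcntl.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the write end of the pipe is still held by the exec'ed
   program, 0 if it was closed at exec time, -1 on error.
   inheritable != 0 leaves the descriptor inheritable (the leaking case). */
int pipe_leaks_into_child(int inheritable)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    /* Non-inheritable case: the descriptor is dropped by the kernel at exec. */
    if (!inheritable && fcntl(fds[1], F_SETFD, FD_CLOEXEC) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(fds[0]);
        /* Stand-in for a program that knows nothing about the pipe. */
        execlp("sleep", "sleep", "5", (char *)NULL);
        _exit(127);
    }
    close(fds[1]);                      /* parent keeps only the read end */

    /* EOF (POLLHUP) is reported only once every copy of the write end is
       closed. A timeout means the spawned program still holds one. */
    struct pollfd p = { .fd = fds[0], .events = POLLIN };
    int ready = poll(&p, 1, 500);

    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    close(fds[0]);
    return ready < 0 ? -1 : ready == 0;
}

int main(void)
{
    printf("inheritable pipe leaks:     %d\n", pipe_leaks_into_child(1));
    printf("non-inheritable pipe leaks: %d\n", pipe_leaks_into_child(0));
    return 0;
}
```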

