This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.
more security
- To: <cygwin-developers at cygwin dot com>
- Subject: more security
- From: "Robert Collins" <robert dot collins at itdomain dot com dot au>
- Date: Sat, 30 Jun 2001 00:05:37 +1000
I just thought of a potential security hole - more stuff for the daemon. I'm
mailing for archive, not to request or offer a fix. I also haven't checked
the code due to being about to go to sleep...

The delete-on-close queue has no way of verifying that the poster of an item
there has the right to delete the file.

Sample exploit in theory: a user program in sshd adds system-critical files to
the delete-on-close queue, without ever trying to open the files.
Admin comes along and runs a cygwin process that accesses said files (say, just
checking for #! even), and they get rm'd on close.

Rob