security hole in tty handling code

Robert Collins
Wed Mar 28 13:30:00 GMT 2001

Why not just set the permissions and let the client calls fail if they
aren't from the same user?

I've heard that
"server" based solutions like you've put toghether usually fail in
terminal server environments...


----- Original Message -----
From: "Egor Duda" <>
To: <>
Sent: Thursday, March 29, 2001 3:20 AM
Subject: security hole in tty handling code

> Hi!
>   currently process owning master side of pty removes all security
> protections from itself to allow children duplicate tty pipe handles.
> i was feeling a bit- uneasy knowing that any user can call
> OpenProcess() for inetd daemon running under LocalSystem account and
> WriteProcessMemory() to it.
>   so i've written a small program acting as server, which receives
> requests from cygwin process wanting to open slave side of tty, checks
> if client have needed permissions and duplicates pipe handles for it.
> patch sent to cygwin-patches.
>   i realize that it's rather substantial change in cygwin
> architecture, but i think it's essential one if we want to make cygwin
> in multi-user environment.
> comments?
> egor.   icq 5165414 fidonet

More information about the Cygwin-developers mailing list