security hole in tty handling code

Robert Collins
Thu Mar 29 11:57:00 GMT 2001

----- Original Message -----
From: "Egor Duda" <>
To: "Robert Collins" <>
Cc: <>
Sent: Thursday, March 29, 2001 5:12 PM
Subject: Re: security hole in tty handling code

> Hi!
> Thursday, 29 March, 2001 Robert Collins
> RC> Why not just set the permissions and let the client calls fail if
> RC> aren't from the same user?
> because this will break applications that change user context, such as
> sshd.

Oh. Is there someway we can accomplish the same effect without a server?
Or perhaps the applications can pickup the handles before they change

> RC> I've heard that
> RC> "server" based solutions like you've put toghether usually fail in
> RC> terminal server environments...
> do you have any evidence? anywaym, i think it's probably easy to test.
> Egor.   ICQ 5165414 FidoNet

Anecdotal at best. However I can pull together a term serv environment
if needed to help test.

One key issue is that you may/will need Global shared objects to make
the server accessible across all logged in user sessions.


More information about the Cygwin-developers mailing list