1.3.13?

egor duda deo@logos-m.ru
Mon Aug 5 03:17:00 GMT 2002


Hi!

Sunday, 04 August, 2002 Christopher Faylor cgf@redhat.com wrote:

CF> I'd like to release 1.3.13.  The outstanding issues that I am aware of
CF> are Conrad's UNIX domain socket patch

I'm looking at it. The problem this patch addresses it valid. The
way to solve it looks correct too, but i have one reservation.
It turned out that original method to provide security via creating
event object with secret name doesn't really provide security :(
I found several days ago that the namespace which contains events,
semaphores and other kernel objects can be listed by non-privileged
local user. That is, we can't, unfortunately, to rely on secrecy of
object name. The obvious way to fix this with current approach is to
add appropriate security information to handshake events so that
non-privileged process won't be able to signal them. With Conrad's
approach, as far as i understand, handshake relies on mere existence
of needed object, so i don't know how to protect communications in
this case.

Egor.            mailto:deo@logos-m.ru ICQ 5165414 FidoNet 2:5020/496.19



More information about the Cygwin-developers mailing list