ntsec patch #4: passwd and group
Christopher Faylor
cgf@redhat.com
Fri Nov 8 08:28:00 GMT 2002
On Fri, Nov 08, 2002 at 05:19:18PM +0100, Corinna Vinschen wrote:
>> 2) I thought that the passwd/group files where only
>> read "for the first cygwin process that start up
>> on a given console", to use Chris' words in
>> http://cygwin.com/ml/cygwin-patches/2002-q4/msg00024.html
>
>I discussed this with Chris in innumerable one-on-ones but we
>never found a satisfactory solution for keeping the data just
>once in memory. I can't reiterate right away but every new
>idea had a flaw. I'm still at times thinking about something
>with shared memory but there are as usual security concerns.
Right. I overstated things a little. A newly execed process needs to
read /etc/passwd in some cases, iirc. That's because the passwd info is
not in the cygheap. I made some changes once to put the passwd info in
the cygheap so that all processes share the info but iirc it actually
slowed things down.
>> In fact applications such as sshd would benefit from
>> rereading the files (if needed) *before* forks or execs,
>> so that a single reread can serve all future children,
>> but that approach does not help with thread issues.
>
>I don't think it's worth the effort. The main reason is that
>changes to passwd and group files are so seldom...
I agree. How often does /etc/passwd change?
cgf
More information about the Cygwin-developers
mailing list