ntsec patch #4: passwd and group

Christopher Faylor cgf@redhat.com
Fri Nov 8 08:28:00 GMT 2002


On Fri, Nov 08, 2002 at 05:19:18PM +0100, Corinna Vinschen wrote:
>> 2) I thought that the passwd/group files where only
>>    read "for the first cygwin process that start up 
>>    on a given console", to use Chris' words in
>>    http://cygwin.com/ml/cygwin-patches/2002-q4/msg00024.html
>
>I discussed this with Chris in innumerable one-on-ones but we
>never found a satisfactory solution for keeping the data just
>once in memory.  I can't reiterate right away but every new
>idea had a flaw.  I'm still at times thinking about something 
>with shared memory but there are as usual security concerns.

Right.  I overstated things a little.  A newly execed process needs to
read /etc/passwd in some cases, iirc.  That's because the passwd info is
not in the cygheap.  I made some changes once to put the passwd info in
the cygheap so that all processes share the info but iirc it actually
slowed things down.

>>    In fact applications such as sshd would benefit from 
>>    rereading the files (if needed) *before* forks or execs,
>>    so that a single reread can serve all future children,
>>    but that approach does not help with thread issues.
>
>I don't think it's worth the effort.  The main reason is that
>changes to passwd and group files are so seldom...

I agree.  How often does /etc/passwd change?

cgf



More information about the Cygwin-developers mailing list