problem with readonly pinfo?

Pierre A. Humblet Pierre.Humblet@ieee.org
Wed Sep 17 02:02:00 GMT 2003


At 09:46 PM 9/16/2003 -0400, Christopher Faylor wrote:
>To say it as simply as possible:
>
>Process a is owned by 'cgf' it forks process b which eventually changes
>its uid to 'foo'.
>
>Can process a send a signal to process b?

Yes. 
But if the forked process execs, the new Windows process will create 
its semaphore without giving permissions to cgf, but only to itself, 
Admins & System. cgf can still signal it because in practice processes 
that can setuid (like cgf) are in Admins. 

>I'm not necessarily talking about what is possible with the
>implementation now in CVS.  We'd like to use windows security to control
>who can send signals to what as much as possible, right?  

Yes.

>The problem is
>that UNIX sends signals (like CTRL-C) to processes in a process group,
>regardless of process ownership.  In cygwin, it's up to the parent
>process to do this.

I am not sure I understand 100% what "up to the parent process" means.
Do you mean the signals are propagated through generations (grandfather
to father to child) and not directly from grandfather to grandchild
as in UNIX?
  
>I think you're saying that this will work ok, right?  And we should be
>able to use the same security for the pipe as well, I assume?

Yes. 
But I see a problem going in the other direction, from a child who has 
setuid'ed and exec'ed, to parent. At least with the current code,
hopefully not with your pipes. 

Pierre


