Fixing the PROCESS_DUP_HANDLE security hole.
Pierre A. Humblet
Mon Sep 29 00:43:00 GMT 2003
At 11:46 AM 9/28/2003 -0400, you wrote:
>On Sat, Sep 27, 2003 at 09:24:10PM -0400, Christopher Faylor wrote:
>>Somehow I seem to remember that didn't work (even though I can't imagine
>>why) but I wasn't clever enough to document why. I guess it can't hurt
>>to try it, advertise a snapshot, and ask for feedback.
>I've checked in the ppid_handle change (attributed to Pierre) and am
>a snapshot now.
Thanks Chris, but I am still not sure I am getting my point across:
from a security point of view, giving PROCESS_DUP_HANDLE access is
equivalent to giving full access. The patch has the merit of making the
access explicit, but it doesn't improve security.
Anybody who logs in over the network with Cygwin can still take control of
his/her SYSTEM parent.
More information about the Cygwin-developers