Fixing the PROCESS_DUP_HANDLE security hole.

Pierre A. Humblet Pierre.Humblet@ieee.org
Mon Sep 29 00:43:00 GMT 2003


At 11:46 AM 9/28/2003 -0400, you wrote:
>On Sat, Sep 27, 2003 at 09:24:10PM -0400, Christopher Faylor wrote:
>>Somehow I seem to remember that didn't work (even though I can't imagine
>>why) but I wasn't clever enough to document why.  I guess it can't hurt
>>to try it, advertise a snapshot, and ask for feedback.
>
>I've checked in the ppid_handle change (attributed to Pierre) and am
>generating a snapshot now.

Thanks Chris, but I am still not sure I am getting my point across:
from a security point of view, giving PROCESS_DUP_HANDLE access is
equivalent to giving full access. The patch has the merit of making the
access explicit, but it doesn't improve security.
Anybody who logs in over the network with Cygwin can still take control of 
his/her SYSTEM parent.

Pierre
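
Added example, not part of the original message or of Cygwin's code: a small audit check that applies the point above by treating any allow ACE granting PROCESS_DUP_HANDLE on a process object as a grant of full access. It assumes the process DACL has already been exported as an SDDL string; the sample string and the choice of trusted trustees (SY, BA) are constructed for illustration.

```python
import re

PROCESS_DUP_HANDLE = 0x0040
PROCESS_ALL_ACCESS = 0x1FFFFF   # value on Windows Vista and later
GENERIC_ALL = 0x10000000

# Assumption: trustees this audit already considers fully privileged.
TRUSTED_SIDS = {"SY", "BA"}     # SYSTEM, Builtin Administrators

ACE_RE = re.compile(r"\(([^()]*)\)")

def parse_rights(field):
    """Access mask from an SDDL rights field: numeric (0x...) or 'GA'."""
    if not field:
        return 0
    if field.upper() == "GA":
        return GENERIC_ALL
    try:
        return int(field, 0)
    except ValueError:
        raise ValueError("unsupported rights string: %r" % field)

def audit_process_dacl(sddl):
    """Return (sid, granted_mask, effective_mask) for every allow ACE that
    hands an untrusted trustee PROCESS_DUP_HANDLE, directly or via GENERIC_ALL.
    Deny ACEs and ACE ordering are not evaluated here."""
    dacl = sddl.partition("D:")[2].partition("S:")[0]
    findings = []
    for ace in ACE_RE.findall(dacl):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":
            continue                      # only plain allow ACEs
        sid, granted = fields[5], parse_rights(fields[2])
        expanded = granted | (PROCESS_ALL_ACCESS if granted & GENERIC_ALL else 0)
        if sid not in TRUSTED_SIDS and expanded & PROCESS_DUP_HANDLE:
            # Per the message above: count this as full access to the process.
            findings.append((sid, granted, granted | PROCESS_ALL_ACCESS))
    return findings

# Constructed sample: SYSTEM has full access, Authenticated Users (AU) get
# only 0x1000, and network logon users (NU) get PROCESS_DUP_HANDLE alone.
SAMPLE_SDDL = "O:SYG:SYD:(A;;0x1fffff;;;SY)(A;;0x1000;;;AU)(A;;0x0040;;;NU)"

if __name__ == "__main__":
    for sid, granted, effective in audit_process_dacl(SAMPLE_SDDL):
        print("%s: granted 0x%06x, treat as 0x%06x" % (sid, granted, effective))
```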


