Fixing the PROCESS_DUP_HANDLE security hole.

Christopher Faylor cgf@redhat.com
Mon Sep 29 00:50:00 GMT 2003


On Sun, Sep 28, 2003 at 08:33:59PM -0400, Pierre A. Humblet wrote:
>from a security point of view, giving PROCESS_DUP_HANDLE access is
>equivalent to giving full access.

I understand.  I got this point.  I comprehend it.  Notice how the
ChangeLog entry doesn't say anything like "Make handle privileges more
secure"?

My reluctance to make this explicit before was due to a vague feeling
that using SYNCHRONIZE had problems on Windows 9x.  It was not related
to PROCESS_DUP_HANDLE.

I did read your email and I read the MSDN reference that you gave.  I
think I'd even read that particular reference before, in fact.

cgf



More information about the Cygwin-developers mailing list