[Patch]: Fixing the PROCESS_DUP_HANDLE security hole (part 1).
Christopher Faylor
cgf@redhat.com
Tue Sep 30 03:14:00 GMT 2003
On Mon, Sep 29, 2003 at 09:55:25PM -0400, Pierre A. Humblet wrote:
>Here is a patch that allows to open master ttys without giving
>full access to the process, at least for access to the ctty.
>
>It works by snooping the ctty pipe handles and duplicating them
>on the cygheap, for use by future opens in descendant processes.
>
>It passes all the tests I tried, but considering my lack of knowledge
>about ttys, everything is possible.
Does it pass doing an "echo > /dev/tty1" where /dev/tty1 is a tty in
another command window?
cgf
More information about the Cygwin-patches
mailing list