Mail Archives: cygwin-developers/2001/03/29/19:50:30

Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-developers-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin-developers AT sources DOT redhat DOT com
Message-ID: <005201c0b829$2e4bbfa0$0200a8c0@lifelesswks>
From: "Robert Collins" <robert DOT collins AT itdomain DOT com DOT au>
To: "egor duda" <cygwin-developers AT cygwin DOT com>
Cc: <cygwin-developers AT cygwin DOT com>
References: <4531563555 DOT 20010328212023 AT logos-m DOT ru> <00c001c0b7ce$260631a0$0200a8c0 AT lifelesswks> <3881491588 DOT 20010329111232 AT logos-m DOT ru>
Subject: Re: security hole in tty handling code
Date: Thu, 29 Mar 2001 18:20:55 +1000
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-OriginalArrivalTime: 29 Mar 2001 08:15:42.0123 (UTC) FILETIME=[723DCFB0:01C0B828]

----- Original Message -----
From: "Egor Duda" <deo AT logos-m DOT ru>
To: "Robert Collins" <robert DOT collins AT itdomain DOT com DOT au>
Cc: <cygwin-developers AT cygwin DOT com>
Sent: Thursday, March 29, 2001 5:12 PM
Subject: Re: security hole in tty handling code


> Hi!
>
> Thursday, 29 March, 2001 Robert Collins robert DOT collins AT itdomain DOT com DOT au wrote:
>
> RC> Why not just set the permissions and let the client calls fail if they
> RC> aren't from the same user?
>
> because this will break applications that change user context, such as
> sshd.

Oh. Is there some way we can accomplish the same effect without a server?
Or perhaps the applications can pick up the handles before they change
context?

> RC> I've heard that
> RC> "server" based solutions like you've put together usually fail in
> RC> terminal server environments...
>
> do you have any evidence? anyway, i think it's probably easy to test.
>
> Egor.            mailto:deo AT logos-m DOT ru ICQ 5165414 FidoNet 2:5020/496.19
>

Anecdotal at best. However I can pull together a term serv environment
if needed to help test.

One key issue is that you may/will need Global shared objects to make
the server accessible across all logged in user sessions.

Rob
