| delorie.com/archives/browse.cgi | search |
| Mailing-List: | contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm |
| List-Subscribe: | <mailto:cygwin-developers-subscribe AT sources DOT redhat DOT com> |
| List-Archive: | <http://sources.redhat.com/ml/cygwin-developers/> |
| List-Post: | <mailto:cygwin-developers AT sources DOT redhat DOT com> |
| List-Help: | <mailto:cygwin-developers-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs> |
| Sender: | cygwin-developers-owner AT sources DOT redhat DOT com |
| Delivered-To: | mailing list cygwin-developers AT sources DOT redhat DOT com |
| Message-ID: | <010f01c100a4$9395f740$806410ac@local> |
| From: | "Robert Collins" <robert DOT collins AT itdomain DOT com DOT au> |
| To: | <cygwin-developers AT cygwin DOT com> |
| Subject: | more security |
| Date: | Sat, 30 Jun 2001 00:05:37 +1000 |
| MIME-Version: | 1.0 |
| X-Priority: | 3 |
| X-MSMail-Priority: | Normal |
| X-Mailer: | Microsoft Outlook Express 5.50.4522.1200 |
| X-MimeOLE: | Produced By Microsoft MimeOLE V5.50.4522.1200 |
| X-OriginalArrivalTime: | 29 Jun 2001 13:53:16.0242 (UTC) FILETIME=[D8A41B20:01C100A2] |
I just thought of a potential security hole - more stuff for the daemon. I'm mailing for archive, not to request or offer a fix. I also haven't checked the code due to being about to go to sleep... The delete-on-close queue has no way of verifying that the poster of an item there has the right to delete the file. sample exploit in theory: user program in sshd adds system critical files to the delete-on-close queue, without ever trying to open the files. Admin comes along and runs cygwin process that access said files (say just checking for #! even, and they get rm'd on close. Rob
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |