Message-ID: <47D811CF.F40482C5@dessent.net>
Date: Wed, 12 Mar 2008 10:24:31 -0700
From: Brian Dessent
To: cygwin AT cygwin DOT com
Subject: Re: Bug: C-prog from Win dies in fork; gdb.exe also won't run
References: <47D4A7E4 DOT 5070509 AT tlinx DOT org> <47D4B7D2 DOT 1F78DADB AT dessent DOT net> <47D4E892 DOT 1090305 AT tlinx DOT org> <47D50BB6 DOT EFB28302 AT dessent DOT net> <47D6056B DOT 6000805 AT tlinx DOT org> <47D610C2 DOT EECE7EE9 AT dessent DOT net> <00b601c8843a$d94fe2c0$2708a8c0 AT CAM DOT ARTIMI DOT COM> <47D7EFEC DOT 122C76AE AT dessent DOT net> <00d001c88456$9f75a3c0$2708a8c0 AT CAM DOT ARTIMI DOT COM> <47D7FDDB DOT 73ABB705 AT dessent DOT net> <00dd01c8845c$078e8ee0$2708a8c0 AT CAM DOT ARTIMI DOT COM>
Reply-To: cygwin AT cygwin DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

Dave Korn wrote:

> Given that, it's therefore going to have been done as quickly and cheaply
> as possible, so why should we assume they wouldn't just check the value
> in the PE header at the start of NtSetInformationProcess?

I know it's MS and everything, and if the subject was Outlook or Clippy or whatnot I'd grant you the mickeymouse-code factor in full force...
But c'mon, what's easier: index into a 2 or 3 bit field in a kernel process table structure, or

a) figure out which module of the process is the main one
b) look up its ImageBase
c) compute which page in that process's VM corresponds to that ImageBase plus some magic offset (which also implicitly means that all subsystems must use exactly the same image header format for the entire lifespan of the operating system, a pretty lousy way to design a kernel)
d) query the memory manager if that page is currently in the working set
e) incur a page fault if it is not
f) wait for the disk manager to page in that sector from the pagefile, or from the image on the filesystem if the page has not been modified

... And doing this for every syscall?!?

And that doesn't even begin to address the most obvious of security issues of having the kernel rely on userspace structures when enforcing access restrictions.

Brian
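As an added illustration of the point above (not code from this thread or from Cygwin), the following walks the PE header the way steps a) through c) describe and then shows why a kernel that read the answer out of the process's own address space could not trust it. It assumes the header value in question is OptionalHeader.Subsystem, uses the fixed offsets of the PE/COFF image format (e_lfanew at 0x3C, a 20-byte COFF header, Subsystem at offset 68 of the optional header for both PE32 and PE32+), and operates on a constructed, non-loadable header blob rather than a real mapped image; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Fixed offsets from the PE/COFF image format (standard layout). */
#define DOS_E_LFANEW_OFF      0x3C
#define PE_SIGNATURE          0x00004550u   /* "PE\0\0" read as little-endian u32 */
#define COFF_HEADER_SIZE      20
#define OPT_HDR_SUBSYSTEM_OFF 68            /* same offset in PE32 and PE32+ */
#define OPT_MAGIC_PE32        0x10b
#define OPT_MAGIC_PE32PLUS    0x20b

#define IMAGE_SUBSYSTEM_WINDOWS_GUI 2
#define IMAGE_SUBSYSTEM_WINDOWS_CUI 3
#define IMAGE_SUBSYSTEM_POSIX_CUI   7

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Steps a)-c) of the mail: from the image base, follow e_lfanew to the NT
   headers and compute where OptionalHeader.Subsystem lives. Returns the byte
   offset of that field, or -1 if the bytes are not a PE header or the walk
   would run past the `len` bytes that are actually mapped. */
long pe_subsystem_offset(const uint8_t *image, size_t len)
{
    if (len < DOS_E_LFANEW_OFF + 4 || image[0] != 'M' || image[1] != 'Z') return -1;
    uint32_t nt = rd32(image + DOS_E_LFANEW_OFF);
    if (nt > len) return -1;                              /* e_lfanew points outside the mapping */
    size_t magic_off = (size_t)nt + 4 + COFF_HEADER_SIZE;
    size_t field_off = magic_off + OPT_HDR_SUBSYSTEM_OFF;
    if (field_off + 2 > len) return -1;                   /* field would straddle the end */
    if (rd32(image + nt) != PE_SIGNATURE) return -1;
    uint16_t magic = rd16(image + magic_off);
    if (magic != OPT_MAGIC_PE32 && magic != OPT_MAGIC_PE32PLUS) return -1;
    return (long)field_off;
}

/* What a header-trusting checker would conclude: the Subsystem value, or -1. */
int pe_subsystem(const uint8_t *image, size_t len)
{
    long off = pe_subsystem_offset(image, len);
    return off < 0 ? -1 : rd16(image + off);
}

/* Constructed header blob (not a loadable image): MZ stub, e_lfanew = 0x80,
   PE signature, zeroed COFF header, PE32 optional header with only Magic and
   Subsystem filled in. Returns the blob length, or 0 if `buf` is too small. */
size_t build_fake_image(uint8_t *buf, size_t len, uint16_t subsystem)
{
    const uint32_t nt = 0x80;
    size_t total = nt + 4 + COFF_HEADER_SIZE + OPT_HDR_SUBSYSTEM_OFF + 2;
    if (len < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + DOS_E_LFANEW_OFF, nt);
    wr32(buf + nt, PE_SIGNATURE);
    wr16(buf + nt + 4 + COFF_HEADER_SIZE, OPT_MAGIC_PE32);
    wr16(buf + nt + 4 + COFF_HEADER_SIZE + OPT_HDR_SUBSYSTEM_OFF, subsystem);
    return total;
}

/* The "userspace structures" problem: the header page sits in the process's
   own address space, so a single user-mode store changes what any later
   header-based check reads. Returns the value the next check sees, or -1 if
   the blob was not a PE header in the first place. */
int forge_subsystem(uint8_t *image, size_t len, uint16_t new_subsystem)
{
    long off = pe_subsystem_offset(image, len);
    if (off < 0) return -1;
    wr16(image + off, new_subsystem);
    return pe_subsystem(image, len);
}
```

The bounds checks in pe_subsystem_offset are the part a kernel would have to get right on every call: e_lfanew is attacker-controlled, and a value that points past the mapped header is exactly the page-fault-in-kernel-mode case the mail's steps d) through f) allude to. A field kept in the kernel's own process structure needs none of this.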