Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-developers-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin-developers AT sources DOT redhat DOT com
Date: Wed, 18 Apr 2001 12:05:30 +0200
From: Corinna Vinschen <vinschen AT redhat DOT com>
To: cygwin-developers AT cygwin DOT com
Subject: Re: handle protection - please comment
Message-ID: <20010418120530.Q15962@cygbert.vinschen.de>
Reply-To: Corinna Vinschen <cygwin-developers AT cygwin DOT com>
Mail-Followup-To: cygwin-developers AT cygwin DOT com
References: <EA18B9FA0FE4194AA2B4CDB91F73C0EF79C2 AT itdomain002 DOT itdomain DOT net DOT au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <EA18B9FA0FE4194AA2B4CDB91F73C0EF79C2@itdomain002.itdomain.net.au>; from robert.collins@itdomain.com.au on Wed, Apr 18, 2001 at 10:54:06AM +1000

On Wed, Apr 18, 2001 at 10:54:06AM +1000, Robert Collins wrote:
> This is just a follow up to Egor's proposed server for handle control.
> 
> I have done some basic testing using 
> 
> DWORD sd_size = 4096;
> char sd_buf[4096];
> PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
> 
> psd = alloc_sd (getuid(), getgid(), cygheap->user.logsrv (), mode,
>           psd, &sd_size)
> 
> and then 
> 
> SECURITY_ATTRIBUTES sa;
> sa.nLength=sizeof(sa);
> sa.lpSecurityDescriptor=psd;
> sa.bInheritHandle= TRUE; //or FALSE as appropriate for the handle
> 
> 
> This gives you an custom security attributes structure the appropriate
> win32 style permissions to match the mode , user and group you passed to
> alloc_sd.
> 
> if psd is NULL, (ie running on win95) the OS will operate correctly.
> 
> 
> I'm currently building testcases for mutexs in shared memory, which is
> how I got onto this.
> 
> security wise, on win9x, there is no security, but there isn't anyway -
> any process can open any shared memory area and so forth (ie it doesn't
> matter how many layers of abstraction you put on it, someone with the
> source can iterate through all the publicly available structures).
> 
> On NT/2K, it should give exactly the desired permissions, no more, no
> less.

For that purpose there are two functions declared in security.h:

PSECURITY_ATTRIBUTES sec_user (PVOID sa_buf, PSID sid2 = NULL, BOOL inherit = TRUE);
PSECURITY_ATTRIBUTES sec_user_nih (PVOID sa_buf, PSID sid2 = NULL);

For the usage have a look into sigproc.cc, function `getsem' or
fork.cc, function `fork_parent'.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.