Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Subject: Re: cygserver usage questions
From: Robert Collins <rbcollins AT cygwin DOT com>
To: Conrad Scott <Conrad DOT Scott AT dsl DOT pipex DOT com>
Cc: cygwin-developers AT sources DOT redhat DOT com
In-Reply-To: <00a901c268a8$d2b50bb0$6132bc3e@BABEL>
References: <20020930151551 DOT GA11140 AT redhat DOT com> 
	<00a901c268a8$d2b50bb0$6132bc3e AT BABEL>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature";
	boundary="=-dtyrtpE7m5Hjyeqt/Af/"
Date: 01 Oct 2002 07:46:59 +1000
Message-Id: <1033422420.11273.223.camel@lifelesswks>
Mime-Version: 1.0


--=-dtyrtpE7m5Hjyeqt/Af/
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 2002-10-01 at 03:43, Conrad Scott wrote:
> "Christopher Faylor" <cgf AT redhat DOT com> wrote:
> > I notice that the code in cygserver creates some objects with
> > the default security rather than using something like &sec_none_nih.
> > Is that intentional?
>
> The security code in cygserver is much as I inherited it, except for
> some bits that I've temporarily ripped out.  My intention has been to
> finish the whole System V IPC coding and then do the security as one
> sweep afterwards (as most of the code will be common to all three
> subsystems).

The tty duplication code is as I found it too. (bar some refactoring to
make it more generic).
=20
> My impression about the existing security code is that a lot of stuff is
> left wide open for the moment (i.e. for debugging purposes).  For the
> moment I'll fix the shared object creations to use the standard cygwin
> approach as you suggest.

MM, I don't recall at this point. A number of points apply here though:
Cygserver doesn't fork(), so fork issues are not applicable.
cygserver needs to hand some handles out, so it grabs full access to
those handles, and masks out the rights other processes don't need.
=20
Rob
--=20
---
GPG key available at: http://users.bigpond.net.au/robertc/keys.txt.
---

--=-dtyrtpE7m5Hjyeqt/Af/
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQA9mMZTI5+kQ8LJcoIRAsLSAJ9p+fRJrbbvC2k9xk2Lf6nWWmqUhgCfZteo
Aqqw7ZDs7lsq5FoNqCbJLZ0=
=rXMj
-----END PGP SIGNATURE-----

--=-dtyrtpE7m5Hjyeqt/Af/--