Re: {Patch]: Giving access to pinfo after seteuid and exec

On Fri, Sep 26, 2003 at 09:41:17AM -0400, Pierre A. Humblet wrote: > Corinna Vinschen wrote: > > Somehow I'm missing a description why that's necessary and the > > implications. > > > I am getting paranoid. Most often we duplicate DUPLICATE_SAME_ACCESS > without thinking about what access is reall

Re: {Patch]: Giving access to pinfo after seteuid and exec

Corinna Vinschen wrote: > > On Thu, Sep 25, 2003 at 09:47:48PM -0400, Pierre A. Humblet wrote: > > This patch sets the _pinfo acl in order to allow access after > > seteuid and exec. > > > > While looking at spawn.cc I also noticed oddities in pinfo related > > error handling, and reworked them. I

Re: {Patch]: Giving access to pinfo after seteuid and exec

On Thu, Sep 25, 2003 at 09:47:48PM -0400, Pierre A. Humblet wrote: > This patch sets the _pinfo acl in order to allow access after > seteuid and exec. > > While looking at spawn.cc I also noticed oddities in pinfo related > error handling, and reworked them. I also restored impersonation in > cas

Re: {Patch]: Giving access to pinfo after seteuid and exec

On Thu, Sep 25, 2003 at 10:56:41PM -0400, Pierre A. Humblet wrote: >At 10:23 PM 9/25/2003 -0400, you wrote: >>On Thu, Sep 25, 2003 at 10:17:22PM -0400, Christopher Faylor wrote: >>>I'll check in the rest of the spawn.cc stuff with some modifications. I see >>>I missed some cases with the addition

Re: {Patch]: Giving access to pinfo after seteuid and exec

At 10:23 PM 9/25/2003 -0400, you wrote: >On Thu, Sep 25, 2003 at 10:17:22PM -0400, Christopher Faylor wrote: >>I'll check in the rest of the spawn.cc stuff with some modifications. I see >>I missed some cases with the addition of _P_SYSTEM. > >I'm sorry. Long day. I'm checking in the non-acl rel

Re: {Patch]: Giving access to pinfo after seteuid and exec

On Thu, Sep 25, 2003 at 10:17:22PM -0400, Christopher Faylor wrote: >I'll check in the rest of the spawn.cc stuff with some modifications. I see >I missed some cases with the addition of _P_SYSTEM. I'm sorry. Long day. I'm checking in the non-acl related stuff. I'll leave the rest for Corinna'

Re: {Patch]: Giving access to pinfo after seteuid and exec

On Thu, Sep 25, 2003 at 10:17:22PM -0400, Christopher Faylor wrote: >I was looking at the above today. Don't you have to reimpersonate regardless >of whether the CreateProcess succeeded? Nevermind. That's exactly what you're doing. I'm always briefly 10% more brilliant after I hit 'y' to send t

Re: {Patch]: Giving access to pinfo after seteuid and exec

On Thu, Sep 25, 2003 at 09:47:48PM -0400, Pierre A. Humblet wrote: >This patch sets the _pinfo acl in order to allow access after >seteuid and exec. > >While looking at spawn.cc I also noticed oddities in pinfo related >error handling, and reworked them. I also restored impersonation in >case of C