At 09:11 PM 9/8/2003 -0400, you wrote:
>On Mon, Sep 08, 2003 at 08:46:06PM -0400, Pierre A. Humblet wrote:
>>This is the first in a series of patches fixing security holes
>>associated with the file mappings in the core of Cygwin.
>>I hope the explanations below are clear!
>
>Yes they are, thanks. I can't comment on the security stuff but
>everything else looks good to me. I'll let Corinna have the final
>say on this.
>
>I wonder if it is time to bite the bullet and get rid of user-mode
>mounts entirely. Or maybe disallow them in suid'ed sessions? They
>are always going to be a security hole AFAICT.

Yep, the same thought has crossed my mind. However I now believe that with the patch the user mounts do not pose a security issue. And they are really useful!

If we keep accessing HKCU as we do now, we should make a note in the doc (mount man page?) that SYSTEM uses the user mounts of .Default. This could be a source of hard to explain behavior.

Pierre