Re: [PATCH v5 1/1] Cygwin: pty: add pseudo console support.

[Corinna Vinschen <corinna-cygwin@cygwin.com>]

[-- Attachment #1: Type: text/plain, Size: 2775 bytes --]

Hi Takashi!


I'm glad to read from you again :)

On Aug 12 21:07, Takashi Yano wrote:
> Hi Corinna,
> 
> On Mon, 24 Jun 2019 12:53:37 +0200
> Corinna Vinschen wrote:
> > Any news on this?  Do you consider the latest state from April
> > stable enough for master?
> 
> First, I apologize for a very lazy response. To tell the truth,
> there has not been much progress.

No worries.

> Anyway, I will post v6 soon. It is almost stable.

An important question is if we should put this into Cygwin 3.1 or if
it's better to keep the 3.1 release the "FIFO revamp" release and make
3.2 the WinPTY release.  That's probably the better approach...

> In my test, the biggest problem is the failure to attach console
> after setuid() in sshd if the user belongs to "Users" group only.
> This causes mis-synchronization in the screen buffer.
> 
> To reproduce this problem, login to cygwin via ssh and execute
> ssh again. Then some debug messages are shown as follows.
> 
> Last login: Mon Aug 12 20:15:54 2019 from ::1
> CYGWIN_NT-10.0-WOW Express5800-S70 3.1.0(0.340/5/3) 2019-08-12 09:42 i686 Cygwin
> [yano@Express5800-S70 ~]$ ssh localhost
>       1 [main] ssh 1927 fhandler_pty_slave::push_to_pcon_screenbuffer: pty1: AttachConsole(21124) failed. (0x612E3C50) 00000005
>      52 [main] ssh 1927 fhandler_pty_slave::push_to_pcon_screenbuffer: pty1: AttachConsole(21124) failed. (0x612E3C50) 00000005
> yano@localhost's password:
> 
> That is, if the following commands are executed sequentially:
> 
> ssh localhost
> ssh localhost (again)
> ls
> exit
> cmd
> 
> the result of ls disappears from the screen.
> 
> This problem does not occur if the user belongs to "Administrators"
> group.
> 
> It is reasonable to fail to attach console to
> cygwin-console-helper.exe because it is running as system
> service account, however, attaching to other processes executed
> by myself also fails in the ssh session.
> 
> I have been stuck with this issue in the last several weeks.
> Any advice will be appreciated. 

It's likely a result of the console object's DACL no?  I guess it's
equivalent to the default DACL of the creating process.  If so, it's
kind of like

  SYSTEM:rwx
  Administrators:rwx. 

It may be worth a try to use the get_object_sd, et_object_sd,
create_object_sd_from_attribute functions along the lines of what
fhandler_pty_slave::fchmod and fhandler_pty_slave::fchown do to add a
user to the console DACL.

This may fail on Windows Vista because of the console being represented
by a pseudo handle only, but it may work just fine starting with Windows
7.  Assuming the security stuff makes sense without the WinPTY code at
all...


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]