Date: Mon, 12 Aug 2019 12:50:00 -0000
From: Corinna Vinschen
To: Takashi Yano
Cc: cygwin-developers@cygwin.com
Subject: Re: [PATCH v5 1/1] Cygwin: pty: add pseudo console support.
Message-ID: <20190812125005.GH11632@calimero.vinschen.de>

Hi Takashi!

I'm glad to read from you again :)

On Aug 12 21:07, Takashi Yano wrote:
> Hi Corinna,
>
> On Mon, 24 Jun 2019 12:53:37 +0200
> Corinna Vinschen wrote:
> > Any news on this? Do you consider the latest state from April
> > stable enough for master?
>
> First, I apologize for a very lazy response. To tell the truth,
> there has not been much progress.

No worries.

> Anyway, I will post v6 soon. It is almost stable.

An important question is if we should put this into Cygwin 3.1 or
if it's better to keep the 3.1 release the "FIFO revamp" release
and make 3.2 the WinPTY release. That's probably the better approach...

> In my test, the biggest problem is the failure to attach console
> after setuid() in sshd if the user belongs to "Users" group only.
> This causes mis-synchronization in the screen buffer.
>
> To reproduce this problem, login to cygwin via ssh and execute
> ssh again. Then some debug messages are shown as follows.
>
> Last login: Mon Aug 12 20:15:54 2019 from ::1
> CYGWIN_NT-10.0-WOW Express5800-S70 3.1.0(0.340/5/3) 2019-08-12 09:42 i686 Cygwin
> [yano@Express5800-S70 ~]$ ssh localhost
> 1 [main] ssh 1927 fhandler_pty_slave::push_to_pcon_screenbuffer: pty1: AttachConsole(21124) failed. (0x612E3C50) 00000005
> 52 [main] ssh 1927 fhandler_pty_slave::push_to_pcon_screenbuffer: pty1: AttachConsole(21124) failed. (0x612E3C50) 00000005
> yano@localhost's password:
>
> That is, if the following commands are executed sequentially:
>
> ssh localhost
> ssh localhost (again)
> ls
> exit
> cmd
>
> the result of ls disappears from the screen.
>
> This problem does not occur if the user belongs to "Administrators"
> group.
>
> It is reasonable to fail to attach console to
> cygwin-console-helper.exe because it is running as system
> service account, however, attaching to other processes executed
> by myself also fails in the ssh session.
>
> I have been stuck with this issue in the last several weeks.
> Any advice will be appreciated.

It's likely a result of the console object's DACL, no? I guess it's
equivalent to the default DACL of the creating process. If so, it's
kind of like SYSTEM:rwx Administrators:rwx.

It may be worth a try to use the get_object_sd, set_object_sd,
create_object_sd_from_attribute functions along the lines of what
fhandler_pty_slave::fchmod and fhandler_pty_slave::fchown do to add a
user to the console DACL. This may fail on Windows Vista because of the
console being represented by a pseudo handle only, but it may work just
fine starting with Windows 7.

Assuming the security stuff makes sense without the WinPTY code at
all...

Corinna

--
Corinna Vinschen
Cygwin Maintainer
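
A small model of the DACL hypothesis in the reply above, as an added example that is not part of the original message or of Cygwin's code. It parses one quoted debug line, reads the trailing 00000005 as Win32 error 5 (ERROR_ACCESS_DENIED, an assumption about the debug format), and walks a DACL of the guessed shape. The user SID, the simplified rwx bits and the helper names are constructed for illustration.

```python
import re

ERROR_SUCCESS, ERROR_ACCESS_DENIED = 0, 5      # Win32 error codes
R, W, X = 4, 2, 1                              # simplified "rwx" bits, as in the reply
SYSTEM, ADMINS, USERS = "S-1-5-18", "S-1-5-32-544", "S-1-5-32-545"  # well-known SIDs
USER = "S-1-5-21-0-0-0-1001"                   # constructed placeholder user SID

# DACL shape guessed in the reply: SYSTEM:rwx Administrators:rwx (an assumption).
GUESSED_DACL = [("allow", SYSTEM, R | W | X), ("allow", ADMINS, R | W | X)]

# One debug line copied from the quoted ssh session.
LOG = ("1 [main] ssh 1927 fhandler_pty_slave::push_to_pcon_screenbuffer: "
       "pty1: AttachConsole(21124) failed. (0x612E3C50) 00000005\n")
FAILED = re.compile(r"(\w+)\((\d+)\) failed\. \(0x[0-9A-Fa-f]+\) ([0-9A-Fa-f]{8})")

def failed_calls(text):
    """Return (api, pid, error) per failure line; the last field is read as hex."""
    return [(m[1], int(m[2]), int(m[3], 16)) for m in FAILED.finditer(text)]

def access_check(token_sids, dacl, desired):
    """Ordered DACL walk: a matching deny ACE that covers a still-needed bit
    refuses, allow ACEs accumulate bits, missing bits at the end mean denied."""
    remaining = desired
    for kind, sid, mask in dacl:
        if remaining == 0:
            break
        if sid not in token_sids:
            continue                    # ACE is for a SID the token does not hold
        if kind == "deny" and mask & remaining:
            return ERROR_ACCESS_DENIED
        if kind == "allow":
            remaining &= ~mask
    return ERROR_SUCCESS if remaining == 0 else ERROR_ACCESS_DENIED

def add_allow_ace(dacl, sid, mask):
    """Return a copy with an allow ACE appended (deny-before-allow order is kept)."""
    return dacl + [("allow", sid, mask)]

if __name__ == "__main__":
    full = R | W | X
    print(failed_calls(LOG))
    print("Users only:    ", access_check({USER, USERS}, GUESSED_DACL, full))
    print("Administrators:", access_check({USER, USERS, ADMINS}, GUESSED_DACL, full))
    fixed = add_allow_ace(GUESSED_DACL, USER, full)
    print("Users + ACE:   ", access_check({USER, USERS}, fixed, full))
```

Under the guessed DACL the model reproduces the reported split between a "Users"-only account and an "Administrators" member, and shows the effect of adding a per-user allow ACE.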