"Corinna Vinschen" <[EMAIL PROTECTED]> wrote:
> More problematic is the approach to use cygserver for this. I've talked
> to Chris about passing descriptors and we agree in that we want to try
> under all circumstances to find a solution which doesn't need cygserver.

Corinna,

I thought that the main reason to use cygserver for this is for security reasons. Your final paragraph mentions this issue but it's not clear whether it's a complete solution (and I'm not fully up to speed on the NT security model, so I've no idea).

One issue tho' is that you'll have to create the shared memory segment with global read (and write) permissions since you've no idea of the security level of the receiving process. If the sender then puts its process handle, with the PROCESS_DUP_HANDLE privilege, into that shared memory, any process on the system can read the shared memory and now has access to *all* of the sender's handles (i.e., just run through all the small integers running DuplicateHandle on them).

You could put some obfuscation into the system by generating random names for the shared memory segment but that's still not ideal.

It's also not clear to me how secure cygwin is intended to be: I assume it should be no less secure than the underlying NT system, but perhaps I've the wrong end of the stick here. But if such security is the aim, it can't be achieved through this approach (AFAICS etc.).

In general, I thought that cygserver was intended for all such inter-process communication to get around just these sort of problems. (Not that I can see how to get file descriptor passing to work properly via cygserver either, but I've not thought too much about it yet.)

I'd be interested to see a good solution to this sort of problem.

// Conrad
