2003-09-26 Pierre Humblet <pierre.humblet@ieee.org>

* pinfo.h (pinfo::set_acl): Declare. * pinfo.cc (pinfo_fixup_after_fork): Duplicate with no rights. (pinfo::set_acl): New. * spawn.cc (spawn_guts): Call myself.set_acl.
2003-09-27 01:58:23 +00:00 · 2003-09-27 01:58:23 +00:00 · 1eb451937a
parent 6806a8b51f
commit 1eb451937a
4 changed files with 29 additions and 2 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,10 @@
+2003-09-26  Pierre Humblet <pierre.humblet@ieee.org>
+
+	* pinfo.h (pinfo::set_acl): Declare.
+	* pinfo.cc (pinfo_fixup_after_fork): Duplicate with no rights.
+	(pinfo::set_acl): New.
+	* spawn.cc (spawn_guts): Call myself.set_acl.
+
 2003-09-26  Pierre Humblet <pierre.humblet@ieee.org>

 	* uinfo.cc (cygheap_user::init): Make sure the current user appears
--- a/winsup/cygwin/pinfo.cc
+++ b/winsup/cygwin/pinfo.cc
@ -42,9 +42,9 @@ pinfo_fixup_after_fork ()
 {
  if (hexec_proc)
    CloseHandle (hexec_proc);
-
+  /* Keeps the cygpid from being reused. No rights required */
  if (!DuplicateHandle (hMainProc, hMainProc, hMainProc, &hexec_proc, 0,
-			TRUE, DUPLICATE_SAME_ACCESS))
+			TRUE, 0))
    {
      system_printf ("couldn't save current process handle %p, %E", hMainProc);
      hexec_proc = NULL;
@ -238,6 +238,22 @@ pinfo::init (pid_t n, DWORD flag, HANDLE in_h)
  destroy = 1;
 }

+void
+pinfo::set_acl()
+{
+  char sa_buf[1024];
+  SECURITY_DESCRIPTOR sd;
+  
+  sec_acl ((PACL) sa_buf, true, true, cygheap->user.sid (), 
+	   well_known_world_sid, FILE_MAP_READ);
+  if (!InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION))
+    debug_printf("InitializeSecurityDescriptor %E");
+  else if (!SetSecurityDescriptorDacl(&sd, TRUE, (PACL) sa_buf, FALSE)) 
+    debug_printf("SetSecurityDescriptorDacl %E");
+  else if (!SetKernelObjectSecurity(h, DACL_SECURITY_INFORMATION, &sd))
+    debug_printf ("SetKernelObjectSecurity %E");
+}
+
 bool
 _pinfo::alive ()
 {
--- a/winsup/cygwin/pinfo.h
+++ b/winsup/cygwin/pinfo.h
@ -176,6 +176,7 @@ public:
  }
 #endif
  HANDLE shared_handle () {return h;}
+  void set_acl();
 };

 #define ISSTATE(p, f)	(!!((p)->process_state & f))
--- a/winsup/cygwin/spawn.cc
+++ b/winsup/cygwin/spawn.cc
@ -679,6 +679,9 @@ spawn_guts (const char * prog_arg, const char *const *argv,
  else
    {
      PSID sid = cygheap->user.sid ();
+      /* Give access to myself */
+      if (mode == _P_OVERLAY)
+	myself.set_acl();

      /* Set security attributes with sid */
      PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid);