From 1eb451937a4b977e050ba7f2a6dd93e7a6baf23c Mon Sep 17 00:00:00 2001
From: Pierre Humblet
Date: Sat, 27 Sep 2003 01:58:23 +0000
Subject: [PATCH] 2003-09-26 Pierre Humblet

* pinfo.h (pinfo::set_acl): Declare.
* pinfo.cc (pinfo_fixup_after_fork): Duplicate with no rights.
(pinfo::set_acl): New.
* spawn.cc (spawn_guts): Call myself.set_acl.
---
 winsup/cygwin/ChangeLog | 7 +++++++
 winsup/cygwin/pinfo.cc | 20 ++++++++++++++++++--
 winsup/cygwin/pinfo.h | 1 +
 winsup/cygwin/spawn.cc | 3 +++
 4 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 3f4467ac3..485dd7729 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,10 @@
+2003-09-26 Pierre Humblet
+
+ * pinfo.h (pinfo::set_acl): Declare.
+ * pinfo.cc (pinfo_fixup_after_fork): Duplicate with no rights.
+ (pinfo::set_acl): New.
+ * spawn.cc (spawn_guts): Call myself.set_acl.
+
 2003-09-26 Pierre Humblet
 
 * uinfo.cc (cygheap_user::init): Make sure the current user appears
diff --git a/winsup/cygwin/pinfo.cc b/winsup/cygwin/pinfo.cc
index 884b994a3..0967215e7 100644
--- a/winsup/cygwin/pinfo.cc
+++ b/winsup/cygwin/pinfo.cc
@@ -42,9 +42,9 @@ pinfo_fixup_after_fork ()
 {
 if (hexec_proc)
 CloseHandle (hexec_proc);
-
+ /* Keeps the cygpid from being reused. No rights required */
 if (!DuplicateHandle (hMainProc, hMainProc, hMainProc, &hexec_proc, 0,
- TRUE, DUPLICATE_SAME_ACCESS))
+ TRUE, 0))
 {
 system_printf ("couldn't save current process handle %p, %E", hMainProc);
 hexec_proc = NULL;
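Review bot: The new comment on the `DuplicateHandle` call in pinfo_fixup_after_fork says no rights are required but does not record the consequence: with the desired access left at 0 and `DUPLICATE_SAME_ACCESS` dropped, `hexec_proc` can only be held and closed. Any other use of it elsewhere in the file (a wait or a query, not visible in this hunk) would now fail with an access-denied error, so that is worth confirming before merging. I would extend the comment to `/* Keeps the cygpid from being reused.  The handle carries no access rights, so it may only be held and closed; it is still inheritable.  */`. The function body continues past the end of the hunk.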
@@ -238,6 +238,22 @@ pinfo::init (pid_t n, DWORD flag, HANDLE in_h)
 destroy = 1;
 }
 
+void
+pinfo::set_acl()
+{
+ char sa_buf[1024];
+ SECURITY_DESCRIPTOR sd;
+
+ sec_acl ((PACL) sa_buf, true, true, cygheap->user.sid (),
+ well_known_world_sid, FILE_MAP_READ);
+ if (!InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION))
+ debug_printf("InitializeSecurityDescriptor %E");
+ else if (!SetSecurityDescriptorDacl(&sd, TRUE, (PACL) sa_buf, FALSE))
+ debug_printf("SetSecurityDescriptorDacl %E");
+ else if (!SetKernelObjectSecurity(h, DACL_SECURITY_INFORMATION, &sd))
+ debug_printf ("SetKernelObjectSecurity %E");
+}
+
 bool
 _pinfo::alive ()
 {
diff --git a/winsup/cygwin/pinfo.h b/winsup/cygwin/pinfo.h
index 0556946c6..4988ca774 100644
--- a/winsup/cygwin/pinfo.h
+++ b/winsup/cygwin/pinfo.h
@@ -176,6 +176,7 @@ public:
 }
 #endif
 HANDLE shared_handle () {return h;}
+ void set_acl();
 };
 
 #define ISSTATE(p, f) (!!((p)->process_state & f))
diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc
index ce61c22d5..ab749d608 100644
--- a/winsup/cygwin/spawn.cc
+++ b/winsup/cygwin/spawn.cc
@@ -679,6 +679,9 @@ spawn_guts (const char * prog_arg, const char *const *argv,
 else
 {
 PSID sid = cygheap->user.sid ();
+ /* Give access to myself */
+ if (mode == _P_OVERLAY)
+ myself.set_acl();
 /* Set security attributes with sid */
 PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid);
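Review bot: In pinfo::set_acl the result of `sec_acl` is ignored, so if that call fails the partly filled stack buffer `sa_buf` is still handed to `SetSecurityDescriptorDacl` and then applied to `h` as its DACL. Assuming `sec_acl` reports success as a boolean (its declaration is not in this diff), chain it like the other calls: `if (!sec_acl ((PACL) sa_buf, true, true, cygheap->user.sid (), well_known_world_sid, FILE_MAP_READ))` followed by `debug_printf ("sec_acl %E");`, with the next test becoming `else if`. Every failure is reported only through `debug_printf` and the function returns `void`, so the call added in spawn_guts continues without knowing the ACL was not updated; returning `bool` would let the caller decide. A short comment above the function stating that it grants the current user SID and the world SID `FILE_MAP_READ` on the shared handle would also make the intended exposure explicit.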