Cygwin: fork/exec: fix child process permissions

- Exec'ed/spawned processes don't need PROCESS_DUP_HANDLE.  Remove that
  permission from the parent handle.

- PROCESS_QUERY_LIMITED_INFORMATION doesn't work for Windows 7 if the
  process is started as a service.  Add PROCESS_QUERY_INFORMATION for
  pre-Windows 8 in that case.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2019-01-29 16:26:45 +01:00
parent c86b2f549b
commit 5a0f2c00aa
5 changed files with 38 additions and 8 deletions

View File

@ -17,6 +17,7 @@ details. */
/* UID/GID */ /* UID/GID */
void uinfo_init (); void uinfo_init ();
bool check_token_membership (HANDLE, PSID);
bool check_token_membership (PSID); bool check_token_membership (PSID);
#define ILLEGAL_UID ((uid_t)-1) #define ILLEGAL_UID ((uid_t)-1)

View File

@ -811,12 +811,24 @@ child_info::child_info (unsigned in_cb, child_info_types chtype,
} }
sigproc_printf ("subproc_ready %p", subproc_ready); sigproc_printf ("subproc_ready %p", subproc_ready);
/* Create an inheritable handle to pass to the child process. This will /* Create an inheritable handle to pass to the child process. This will
allow the child to duplicate handles from the parent to itself. */ allow the child to copy cygheap etc. from the parent to itself. If
we're forking, we also need handle duplicate access. */
parent = NULL; parent = NULL;
DWORD perms = PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ;
if (type == _CH_FORK)
{
perms |= PROCESS_DUP_HANDLE;
/* For some reason fork on Windows 7 requires PROCESS_QUERY_INFORMATION
rather than just PROCESS_QUERY_LIMITED_INFORMATION when started as a
service. */
if (wincap.needs_query_information ()
&& (cygheap->user.saved_sid () == well_known_system_sid
|| check_token_membership (hProcToken, well_known_service_sid)))
perms |= PROCESS_QUERY_INFORMATION;
}
if (!DuplicateHandle (GetCurrentProcess (), GetCurrentProcess (), if (!DuplicateHandle (GetCurrentProcess (), GetCurrentProcess (),
GetCurrentProcess (), &parent, GetCurrentProcess (), &parent, perms, TRUE, 0))
PROCESS_DUP_HANDLE | PROCESS_VM_READ
| PROCESS_QUERY_LIMITED_INFORMATION, TRUE, 0))
system_printf ("couldn't create handle to myself for child, %E"); system_printf ("couldn't create handle to myself for child, %E");
} }

View File

@ -118,16 +118,13 @@ cygheap_user::init ()
This needs careful checking should we use check_token_membership in other This needs careful checking should we use check_token_membership in other
circumstances. */ circumstances. */
bool bool
check_token_membership (PSID sid) check_token_membership (HANDLE tok, PSID sid)
{ {
NTSTATUS status; NTSTATUS status;
ULONG size; ULONG size;
tmp_pathbuf tp; tmp_pathbuf tp;
PTOKEN_GROUPS groups = (PTOKEN_GROUPS) tp.w_get (); PTOKEN_GROUPS groups = (PTOKEN_GROUPS) tp.w_get ();
/* If impersonated, use impersonation token. */
HANDLE tok = cygheap->user.issetuid () ? cygheap->user.primary_token ()
: hProcToken;
status = NtQueryInformationToken (tok, TokenGroups, groups, 2 * NT_MAX_PATH, status = NtQueryInformationToken (tok, TokenGroups, groups, 2 * NT_MAX_PATH,
&size); &size);
if (!NT_SUCCESS (status)) if (!NT_SUCCESS (status))
@ -142,6 +139,15 @@ check_token_membership (PSID sid)
return false; return false;
} }
bool
check_token_membership (PSID sid)
{
/* If impersonated, use impersonation token. */
HANDLE tok = cygheap->user.issetuid () ? cygheap->user.primary_token ()
: hProcToken;
return check_token_membership (tok, sid);
}
static void static void
internal_getlogin (cygheap_user &user) internal_getlogin (cygheap_user &user)
{ {

View File

@ -23,6 +23,7 @@ wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
{ {
is_server:false, is_server:false,
needs_count_in_si_lpres2:true, needs_count_in_si_lpres2:true,
needs_query_information:true,
has_gaa_largeaddress_bug:true, has_gaa_largeaddress_bug:true,
has_broken_alloc_console:false, has_broken_alloc_console:false,
has_console_logon_sid:false, has_console_logon_sid:false,
@ -46,6 +47,7 @@ wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
{ {
is_server:false, is_server:false,
needs_count_in_si_lpres2:false, needs_count_in_si_lpres2:false,
needs_query_information:true,
has_gaa_largeaddress_bug:true, has_gaa_largeaddress_bug:true,
has_broken_alloc_console:true, has_broken_alloc_console:true,
has_console_logon_sid:true, has_console_logon_sid:true,
@ -69,6 +71,7 @@ wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
{ {
is_server:false, is_server:false,
needs_count_in_si_lpres2:false, needs_count_in_si_lpres2:false,
needs_query_information:false,
has_gaa_largeaddress_bug:false, has_gaa_largeaddress_bug:false,
has_broken_alloc_console:true, has_broken_alloc_console:true,
has_console_logon_sid:true, has_console_logon_sid:true,
@ -92,6 +95,7 @@ wincaps wincap_10_1507 __attribute__((section (".cygwin_dll_common"), shared))
{ {
is_server:false, is_server:false,
needs_count_in_si_lpres2:false, needs_count_in_si_lpres2:false,
needs_query_information:false,
has_gaa_largeaddress_bug:false, has_gaa_largeaddress_bug:false,
has_broken_alloc_console:true, has_broken_alloc_console:true,
has_console_logon_sid:true, has_console_logon_sid:true,
@ -115,6 +119,7 @@ wincaps wincap_10_1511 __attribute__((section (".cygwin_dll_common"), shared)) =
{ {
is_server:false, is_server:false,
needs_count_in_si_lpres2:false, needs_count_in_si_lpres2:false,
needs_query_information:false,
has_gaa_largeaddress_bug:false, has_gaa_largeaddress_bug:false,
has_broken_alloc_console:true, has_broken_alloc_console:true,
has_console_logon_sid:true, has_console_logon_sid:true,
@ -138,6 +143,7 @@ wincaps wincap_10_1703 __attribute__((section (".cygwin_dll_common"), shared)) =
{ {
is_server:false, is_server:false,
needs_count_in_si_lpres2:false, needs_count_in_si_lpres2:false,
needs_query_information:false,
has_gaa_largeaddress_bug:false, has_gaa_largeaddress_bug:false,
has_broken_alloc_console:true, has_broken_alloc_console:true,
has_console_logon_sid:true, has_console_logon_sid:true,
@ -161,6 +167,7 @@ wincaps wincap_10_1709 __attribute__((section (".cygwin_dll_common"), shared)) =
{ {
is_server:false, is_server:false,
needs_count_in_si_lpres2:false, needs_count_in_si_lpres2:false,
needs_query_information:false,
has_gaa_largeaddress_bug:false, has_gaa_largeaddress_bug:false,
has_broken_alloc_console:true, has_broken_alloc_console:true,
has_console_logon_sid:true, has_console_logon_sid:true,
@ -184,6 +191,7 @@ wincaps wincap_10_1803 __attribute__((section (".cygwin_dll_common"), shared)) =
{ {
is_server:false, is_server:false,
needs_count_in_si_lpres2:false, needs_count_in_si_lpres2:false,
needs_query_information:false,
has_gaa_largeaddress_bug:false, has_gaa_largeaddress_bug:false,
has_broken_alloc_console:true, has_broken_alloc_console:true,
has_console_logon_sid:true, has_console_logon_sid:true,
@ -207,6 +215,7 @@ wincaps wincap_10_1809 __attribute__((section (".cygwin_dll_common"), shared)) =
{ {
is_server:false, is_server:false,
needs_count_in_si_lpres2:false, needs_count_in_si_lpres2:false,
needs_query_information:false,
has_gaa_largeaddress_bug:false, has_gaa_largeaddress_bug:false,
has_broken_alloc_console:true, has_broken_alloc_console:true,
has_console_logon_sid:true, has_console_logon_sid:true,

View File

@ -17,6 +17,7 @@ struct wincaps
struct __attribute__ ((aligned (8))) { struct __attribute__ ((aligned (8))) {
unsigned is_server : 1; unsigned is_server : 1;
unsigned needs_count_in_si_lpres2 : 1; unsigned needs_count_in_si_lpres2 : 1;
unsigned needs_query_information : 1;
unsigned has_gaa_largeaddress_bug : 1; unsigned has_gaa_largeaddress_bug : 1;
unsigned has_broken_alloc_console : 1; unsigned has_broken_alloc_console : 1;
unsigned has_console_logon_sid : 1; unsigned has_console_logon_sid : 1;
@ -70,6 +71,7 @@ public:
} }
bool IMPLEMENT (is_server) bool IMPLEMENT (is_server)
bool IMPLEMENT (needs_count_in_si_lpres2) bool IMPLEMENT (needs_count_in_si_lpres2)
bool IMPLEMENT (needs_query_information)
bool IMPLEMENT (has_gaa_largeaddress_bug) bool IMPLEMENT (has_gaa_largeaddress_bug)
bool IMPLEMENT (has_broken_alloc_console) bool IMPLEMENT (has_broken_alloc_console)
bool IMPLEMENT (has_console_logon_sid) bool IMPLEMENT (has_console_logon_sid)