Cygwin: fork: restrict parent handle perms and drop handle after use

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

winsup/cygwin/dcrt0.cc

@@ -637,7 +637,8 @@ child_info_fork::handle_fork ()
 bool
 child_info_spawn::get_parent_handle ()
 {
-  parent = OpenProcess (PROCESS_VM_READ, false, parent_winpid);
+  parent = OpenProcess (PROCESS_QUERY_LIMITED_INFORMATION, FALSE,
+			parent_winpid);
   moreinfo->myself_pinfo = NULL;
   return !!parent;
 }

winsup/cygwin/fork.cc

@@ -203,6 +203,8 @@ frok::child (volatile char * volatile here)
      rd_proc_pipe that would be an invalid handle.  In the case of
      wr_proc_pipe it would be == my_wr_proc_pipe.  Both would be bad. */
   ch.rd_proc_pipe = ch.wr_proc_pipe = NULL;
+  CloseHandle (hParent);
+  hParent = NULL;
   cygwin_finished_initializing = true;
   return 0;
 }

winsup/cygwin/sigproc.cc

@@ -814,8 +814,9 @@ child_info::child_info (unsigned in_cb, child_info_types chtype,
      allow the child to duplicate handles from the parent to itself. */
   parent = NULL;
   if (!DuplicateHandle (GetCurrentProcess (), GetCurrentProcess (),
-			GetCurrentProcess (), &parent, 0, true,
+			GetCurrentProcess (), &parent,
-			DUPLICATE_SAME_ACCESS))
+			PROCESS_DUP_HANDLE | PROCESS_VM_READ
+			| PROCESS_QUERY_LIMITED_INFORMATION, TRUE, 0))
     system_printf ("couldn't create handle to myself for child, %E");
 }