From cecb74ae47ea94f53641740f18f2308ff4692f41 Mon Sep 17 00:00:00 2001 From: Christopher Faylor Date: Tue, 19 Feb 2002 05:58:44 +0000 Subject: [PATCH] * fork.cc (fork_parent): Use sec_user_nih to control process/thread inheritance/permission. * spawn.cc (spawn_guts): Ditto. * security.cc (create_token): Initialize token so that it is not tested for bogus value later. Use sec_user to control process/thread creation. * security.h (__sec_user): Rename declaration from sec_user. (sec_user_nih): Declare here as inline function wrapper for __sec_user. (sec_user): Ditto. * sigproc.cc (czombies): Allocate a character array for zombies to avoid constructor overhead (extremely hackish, I know). (cpchildren): Ditto. (pchildren): New define. (zombies): Ditto. (getsem): Use sec_user_nih to control semaphore inheritance/permission. --- winsup/cygwin/ChangeLog | 19 +++++++++++++++++++ winsup/cygwin/fork.cc | 4 ++-- winsup/cygwin/security.cc | 2 +- winsup/cygwin/security.h | 16 ++++++++++++++-- winsup/cygwin/shared.cc | 11 +---------- winsup/cygwin/sigproc.cc | 11 +++++++---- winsup/cygwin/spawn.cc | 8 +++----- 7 files changed, 47 insertions(+), 24 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 66a732e17..d1be50463 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,22 @@ +2002-02-19 Christopher Faylor + + * fork.cc (fork_parent): Use sec_user_nih to control process/thread + inheritance/permission. + * spawn.cc (spawn_guts): Ditto. + * security.cc (create_token): Initialize token so that it is not tested + for bogus value later. Use sec_user to control process/thread + creation. + * security.h (__sec_user): Rename declaration from sec_user. + (sec_user_nih): Declare here as inline function wrapper for __sec_user. + (sec_user): Ditto. + * sigproc.cc (czombies): Allocate a character array for zombies to + avoid constructor overhead + (extremely hackish, I know). + (cpchildren): Ditto. + (pchildren): New define. + (zombies): Ditto. + (getsem): Use sec_user_nih to control semaphore inheritance/permission. + 2002-02-16 Christopher Faylor * times.cc (hires::prime): Restore thread priority on failure diff --git a/winsup/cygwin/fork.cc b/winsup/cygwin/fork.cc index 8aa21a35c..1927a5647 100644 --- a/winsup/cygwin/fork.cc +++ b/winsup/cygwin/fork.cc @@ -470,8 +470,8 @@ fork_parent (HANDLE& hParent, dll *&first_dll, newheap = cygheap_setup_for_child (&ch,cygheap->fdtab.need_fixup_before ()); rc = CreateProcess (myself->progname, /* image to run */ myself->progname, /* what we send in arg0 */ - allow_ntsec ? sec_user (sa_buf) : &sec_none_nih, - allow_ntsec ? sec_user (sa_buf) : &sec_none_nih, + sec_user_nih (sa_buf), + sec_user_nih (sa_buf), TRUE, /* inherit handles from parent */ c_flags, NULL, /* environment filled in later */ diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 863b036c3..b33360d1a 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -726,7 +726,7 @@ create_token (cygsid &usersid, cygsid &pgrpsid) source.SourceIdentifier.HighPart = 0; source.SourceIdentifier.LowPart = 0x0101; - HANDLE token; + HANDLE token = INVALID_HANDLE_VALUE; HANDLE primary_token = INVALID_HANDLE_VALUE; HANDLE my_token = INVALID_HANDLE_VALUE; diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index 3dbcc87b2..0c3cbc987 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -199,8 +199,20 @@ SECURITY_DESCRIPTOR *__stdcall get_null_sd (void); /* Various types of security attributes for use in Create* functions. */ extern SECURITY_ATTRIBUTES sec_none, sec_none_nih, sec_all, sec_all_nih; -extern SECURITY_ATTRIBUTES *__stdcall sec_user (PVOID sa_buf, PSID sid2 = NULL, BOOL inherit = TRUE); -extern SECURITY_ATTRIBUTES *__stdcall sec_user_nih (PVOID sa_buf, PSID sid2 = NULL); +extern SECURITY_ATTRIBUTES *__stdcall __sec_user (PVOID sa_buf, PSID sid2, BOOL inherit) + __attribute__ ((regparm (3))); int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int len); BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len); + +extern inline SECURITY_ATTRIBUTES * +sec_user_nih (char sa_buf[], PSID sid = NULL) +{ + return allow_ntsec ? __sec_user (sa_buf, sid, FALSE) : &sec_none_nih; +} + +extern inline SECURITY_ATTRIBUTES * +sec_user (char sa_buf[], PSID sid = NULL) +{ + return allow_ntsec ? __sec_user (sa_buf, sid, TRUE) : &sec_none_nih; +} diff --git a/winsup/cygwin/shared.cc b/winsup/cygwin/shared.cc index 7b21e1387..5f1bc1fdd 100644 --- a/winsup/cygwin/shared.cc +++ b/winsup/cygwin/shared.cc @@ -237,11 +237,8 @@ get_null_sd () } PSECURITY_ATTRIBUTES __stdcall -sec_user (PVOID sa_buf, PSID sid2, BOOL inherit) +__sec_user (PVOID sa_buf, PSID sid2, BOOL inherit) { - if (!sa_buf) - return inherit ? &sec_none : &sec_none_nih; - PSECURITY_ATTRIBUTES psa = (PSECURITY_ATTRIBUTES) sa_buf; PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) ((char *) sa_buf + sizeof (*psa)); @@ -314,9 +311,3 @@ sec_user (PVOID sa_buf, PSID sid2, BOOL inherit) psa->bInheritHandle = inherit; return psa; } - -SECURITY_ATTRIBUTES *__stdcall -sec_user_nih (PVOID sa_buf, PSID sid2) -{ - return sec_user (sa_buf, sid2, FALSE); -} diff --git a/winsup/cygwin/sigproc.cc b/winsup/cygwin/sigproc.cc index f0a31131c..573e4f581 100644 --- a/winsup/cygwin/sigproc.cc +++ b/winsup/cygwin/sigproc.cc @@ -103,11 +103,14 @@ Static HANDLE wait_sig_inited = NULL; // Control synchronization of */ Static HANDLE events[PSIZE + 1] = {0}; // All my children's handles++ #define hchildren (events + 1) // Where the children handles begin -Static pinfo pchildren[PSIZE]; // All my children info +Static char cpchildren[PSIZE * sizeof (pinfo)]; // All my children info Static int nchildren = 0; // Number of active children -Static pinfo zombies[NZOMBIES]; // All my deceased children info +Static char czombies[NZOMBIES * sizeof (pinfo)]; // All my deceased children info Static int nzombies = 0; // Number of deceased children +#define pchildren ((pinfo *) cpchildren) +#define zombies ((pinfo *) czombies) + Static waitq waitq_head = {0, 0, 0, 0, 0, 0, 0};// Start of queue for wait'ing threads Static waitq waitq_main; // Storage for main thread @@ -939,8 +942,8 @@ getsem (_pinfo *p, const char *str, int init, int max) char sa_buf[1024]; DWORD winpid = GetCurrentProcessId (); - h = CreateSemaphore (allow_ntsec ? sec_user_nih (sa_buf) : &sec_none_nih, - init, max, str = shared_name (str, winpid)); + h = CreateSemaphore (sec_user_nih (sa_buf), init, max, + str = shared_name (str, winpid)); p = myself; if (!h) { diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc index 1818d0ac7..b5dc670ce 100644 --- a/winsup/cygwin/spawn.cc +++ b/winsup/cygwin/spawn.cc @@ -635,9 +635,9 @@ spawn_guts (HANDLE hToken, const char * prog_arg, const char *const *argv, rc = CreateProcess (runpath, /* image name - with full path */ one_line.buf, /* what was passed to exec */ /* process security attrs */ - allow_ntsec ? sec_user (sa_buf) : &sec_all_nih, + sec_user_nih (sa_buf), /* thread security attrs */ - allow_ntsec ? sec_user (sa_buf) : &sec_all_nih, + sec_user_nih (sa_buf), TRUE, /* inherit handles from parent */ flags, envblock,/* environment */ @@ -656,9 +656,7 @@ spawn_guts (HANDLE hToken, const char * prog_arg, const char *const *argv, } /* Retrieve security attributes before setting psid to NULL since it's value is needed by `sec_user'. */ - PSECURITY_ATTRIBUTES sec_attribs = allow_ntsec && sid - ? sec_user (sa_buf, sid) - : &sec_all_nih; + PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid); /* Remove impersonation */ if (cygheap->user.impersonated