2003-09-26 Pierre Humblet <pierre.humblet@ieee.org>

	* pinfo.h (pinfo::set_acl): Declare.
	* pinfo.cc (pinfo_fixup_after_fork): Duplicate with no rights.
	(pinfo::set_acl): New.
	* spawn.cc (spawn_guts): Call myself.set_acl.

1 files changed, 18 insertions, 2 deletions

diff --git a/winsup/cygwin/pinfo.cc b/winsup/cygwin/pinfo.cc
index 884b994a3..0967215e7 100644
--- a/winsup/cygwin/pinfo.cc
+++ b/winsup/cygwin/pinfo.cc
@@ -42,9 +42,9 @@ pinfo_fixup_after_fork ()
 {
   if (hexec_proc)
     CloseHandle (hexec_proc);
-
+  /* Keeps the cygpid from being reused. No rights required */
   if (!DuplicateHandle (hMainProc, hMainProc, hMainProc, &hexec_proc, 0,
-			TRUE, DUPLICATE_SAME_ACCESS))
+			TRUE, 0))
     {
       system_printf ("couldn't save current process handle %p, %E", hMainProc);
       hexec_proc = NULL;
@@ -238,6 +238,22 @@ pinfo::init (pid_t n, DWORD flag, HANDLE in_h)
   destroy = 1;
 }
 
+void
+pinfo::set_acl()
+{
+  char sa_buf[1024];
+  SECURITY_DESCRIPTOR sd;
+  
+  sec_acl ((PACL) sa_buf, true, true, cygheap->user.sid (), 
+	   well_known_world_sid, FILE_MAP_READ);
+  if (!InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION))
+    debug_printf("InitializeSecurityDescriptor %E");
+  else if (!SetSecurityDescriptorDacl(&sd, TRUE, (PACL) sa_buf, FALSE)) 
+    debug_printf("SetSecurityDescriptorDacl %E");
+  else if (!SetKernelObjectSecurity(h, DACL_SECURITY_INFORMATION, &sd))
+    debug_printf ("SetKernelObjectSecurity %E");
+}
+
 bool
 _pinfo::alive ()
 {