* fork.cc (fork_parent): Use sec_user_nih to control process/thread

inheritance/permission.
* spawn.cc (spawn_guts): Ditto.
* security.cc (create_token): Initialize token so that it is not tested for
bogus value later.  Use sec_user to control process/thread creation.
* security.h (__sec_user): Rename declaration from sec_user.
(sec_user_nih): Declare here as inline function wrapper for __sec_user.
(sec_user): Ditto.
* sigproc.cc (czombies): Allocate a character array for zombies to avoid
constructor overhead
(extremely hackish, I know).
(cpchildren): Ditto.
(pchildren): New define.
(zombies): Ditto.
(getsem): Use sec_user_nih to control semaphore inheritance/permission.

1 files changed, 3 insertions, 5 deletions

diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc
index 1818d0ac7..b5dc670ce 100644
--- a/winsup/cygwin/spawn.cc
+++ b/winsup/cygwin/spawn.cc
@@ -635,9 +635,9 @@ spawn_guts (HANDLE hToken, const char * prog_arg, const char *const *argv,
       rc = CreateProcess (runpath,	/* image name - with full path */
 			  one_line.buf,	/* what was passed to exec */
 					  /* process security attrs */
-			  allow_ntsec ? sec_user (sa_buf) : &sec_all_nih,
+			  sec_user_nih (sa_buf),
 					  /* thread security attrs */
-			  allow_ntsec ? sec_user (sa_buf) : &sec_all_nih,
+			  sec_user_nih (sa_buf),
 			  TRUE,	/* inherit handles from parent */
 			  flags,
 			  envblock,/* environment */
@@ -656,9 +656,7 @@ spawn_guts (HANDLE hToken, const char * prog_arg, const char *const *argv,
 	}
       /* Retrieve security attributes before setting psid to NULL
 	 since it's value is needed by `sec_user'. */
-      PSECURITY_ATTRIBUTES sec_attribs = allow_ntsec && sid
-					 ? sec_user (sa_buf, sid)
-					 : &sec_all_nih;
+      PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid);
 
       /* Remove impersonation */
       if (cygheap->user.impersonated