diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2003-06-09 13:29:12 +0000 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2003-06-09 13:29:12 +0000 |
| commit | 271c1935b307c30a427047deca4f3a781e9f9eb5 (patch) | |
| tree | 9b1aa8518b94b73f315847a30491e75de845159c /winsup/cygwin/spawn.cc | |
| parent | 32173f7ec4c17b4c8fd8a2bdf98b51e49476d15e (diff) | |
| download | cygnal-271c1935b307c30a427047deca4f3a781e9f9eb5.tar.gz cygnal-271c1935b307c30a427047deca4f3a781e9f9eb5.tar.bz2 cygnal-271c1935b307c30a427047deca4f3a781e9f9eb5.zip | |
* spawn.cc (spawn_guts): Call CreateProcess while impersonated,
when the real {u,g}ids and the groups are original.
Move RevertToSelf and ImpersonateLoggedOnUser to the main line.
* uinfo.cc (uinfo_init): Reorganize. If CreateProcess was called
while impersonated, preserve the uids and gids and call
ImpersonateLoggedOnUser. Preserve the uids and gids on Win9X.
* exceptions.cc (error_start_init): Quote the pgm in the command.
Diffstat (limited to 'winsup/cygwin/spawn.cc')
| -rw-r--r-- | winsup/cygwin/spawn.cc | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc index b6ec1b9b4..e7b04ad37 100644 --- a/winsup/cygwin/spawn.cc +++ b/winsup/cygwin/spawn.cc @@ -622,7 +622,17 @@ spawn_guts (const char * prog_arg, const char *const *argv, cygbench ("spawn-guts"); cygheap->fdtab.set_file_pointers_for_exec (); - if (!cygheap->user.issetuid ()) + if (cygheap->user.issetuid ()) + RevertToSelf (); + /* When ruid != euid we create the new process under the current original + account and impersonate in child, this way maintaining the different + effective vs. real ids. + FIXME: If ruid != euid and ruid != orig_uid we currently give + up on ruid. The new process will have ruid == euid. */ + if (!cygheap->user.issetuid () + || (cygheap->user.orig_uid == cygheap->user.real_uid + && cygheap->user.orig_gid == cygheap->user.real_gid + && !cygheap->user.groups.issetgroups ())) { PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf); ciresrv.moreinfo->envp = build_env (envp, envblock, ciresrv.moreinfo->envc, @@ -646,8 +656,6 @@ spawn_guts (const char * prog_arg, const char *const *argv, /* Set security attributes with sid */ PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid); - RevertToSelf (); - /* Load users registry hive. */ load_registry_hive (sid); @@ -682,11 +690,11 @@ spawn_guts (const char * prog_arg, const char *const *argv, 0, /* use current drive/directory */ &si, &pi); - /* Restore impersonation. In case of _P_OVERLAY this isn't - allowed since it would overwrite child data. */ - if (mode != _P_OVERLAY) - ImpersonateLoggedOnUser (cygheap->user.token); } + /* Restore impersonation. In case of _P_OVERLAY this isn't + allowed since it would overwrite child data. */ + if (mode != _P_OVERLAY && cygheap->user.issetuid ()) + ImpersonateLoggedOnUser (cygheap->user.token); MALLOC_CHECK; if (envblock) |