diff options
| author | Pierre Humblet <phumblet@phumblet.no-ip.org> | 2003-09-27 01:58:23 +0000 |
|---|---|---|
| committer | Pierre Humblet <phumblet@phumblet.no-ip.org> | 2003-09-27 01:58:23 +0000 |
| commit | 1eb451937a4b977e050ba7f2a6dd93e7a6baf23c (patch) | |
| tree | 713d3ed3af6f38437218f33bb41cc38fc9fad460 /winsup/cygwin | |
| parent | 6806a8b51f96d59cb6dadd86fab4ae7cdecca3ed (diff) | |
| download | cygnal-1eb451937a4b977e050ba7f2a6dd93e7a6baf23c.tar.gz cygnal-1eb451937a4b977e050ba7f2a6dd93e7a6baf23c.tar.bz2 cygnal-1eb451937a4b977e050ba7f2a6dd93e7a6baf23c.zip | |
2003-09-26 Pierre Humblet <pierre.humblet@ieee.org>
* pinfo.h (pinfo::set_acl): Declare.
* pinfo.cc (pinfo_fixup_after_fork): Duplicate with no rights.
(pinfo::set_acl): New.
* spawn.cc (spawn_guts): Call myself.set_acl.
Diffstat (limited to 'winsup/cygwin')
| -rw-r--r-- | winsup/cygwin/ChangeLog | 7 | ||||
| -rw-r--r-- | winsup/cygwin/pinfo.cc | 20 | ||||
| -rw-r--r-- | winsup/cygwin/pinfo.h | 1 | ||||
| -rw-r--r-- | winsup/cygwin/spawn.cc | 3 |
4 files changed, 29 insertions, 2 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 3f4467ac3..485dd7729 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,5 +1,12 @@ 2003-09-26 Pierre Humblet <pierre.humblet@ieee.org> + * pinfo.h (pinfo::set_acl): Declare. + * pinfo.cc (pinfo_fixup_after_fork): Duplicate with no rights. + (pinfo::set_acl): New. + * spawn.cc (spawn_guts): Call myself.set_acl. + +2003-09-26 Pierre Humblet <pierre.humblet@ieee.org> + * uinfo.cc (cygheap_user::init): Make sure the current user appears in the default DACL. Rearrange to decrease the indentation levels. Initialize the effec_cygsid directly. diff --git a/winsup/cygwin/pinfo.cc b/winsup/cygwin/pinfo.cc index 884b994a3..0967215e7 100644 --- a/winsup/cygwin/pinfo.cc +++ b/winsup/cygwin/pinfo.cc @@ -42,9 +42,9 @@ pinfo_fixup_after_fork () { if (hexec_proc) CloseHandle (hexec_proc); - + /* Keeps the cygpid from being reused. No rights required */ if (!DuplicateHandle (hMainProc, hMainProc, hMainProc, &hexec_proc, 0, - TRUE, DUPLICATE_SAME_ACCESS)) + TRUE, 0)) { system_printf ("couldn't save current process handle %p, %E", hMainProc); hexec_proc = NULL; @@ -238,6 +238,22 @@ pinfo::init (pid_t n, DWORD flag, HANDLE in_h) destroy = 1; } +void +pinfo::set_acl() +{ + char sa_buf[1024]; + SECURITY_DESCRIPTOR sd; + + sec_acl ((PACL) sa_buf, true, true, cygheap->user.sid (), + well_known_world_sid, FILE_MAP_READ); + if (!InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION)) + debug_printf("InitializeSecurityDescriptor %E"); + else if (!SetSecurityDescriptorDacl(&sd, TRUE, (PACL) sa_buf, FALSE)) + debug_printf("SetSecurityDescriptorDacl %E"); + else if (!SetKernelObjectSecurity(h, DACL_SECURITY_INFORMATION, &sd)) + debug_printf ("SetKernelObjectSecurity %E"); +} + bool _pinfo::alive () { diff --git a/winsup/cygwin/pinfo.h b/winsup/cygwin/pinfo.h index 0556946c6..4988ca774 100644 --- a/winsup/cygwin/pinfo.h +++ b/winsup/cygwin/pinfo.h @@ -176,6 +176,7 @@ public: } #endif HANDLE shared_handle () {return h;} + void set_acl(); }; #define ISSTATE(p, f) (!!((p)->process_state & f)) diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc index ce61c22d5..ab749d608 100644 --- a/winsup/cygwin/spawn.cc +++ b/winsup/cygwin/spawn.cc @@ -679,6 +679,9 @@ spawn_guts (const char * prog_arg, const char *const *argv, else { PSID sid = cygheap->user.sid (); + /* Give access to myself */ + if (mode == _P_OVERLAY) + myself.set_acl(); /* Set security attributes with sid */ PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid); |