diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2000-12-20 12:42:43 +0000 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2000-12-20 12:42:43 +0000 |
| commit | aa2b85cc90a41b143a62196af77736bad9b2da70 (patch) | |
| tree | 4a45d14789a3eccf13747a58f410dae0223831a6 /winsup/cygwin | |
| parent | e625e1b99ec6b3edd58199937d3788f7c17aca98 (diff) | |
| download | newlib-aa2b85cc90a41b143a62196af77736bad9b2da70.zip newlib-aa2b85cc90a41b143a62196af77736bad9b2da70.tar.gz newlib-aa2b85cc90a41b143a62196af77736bad9b2da70.tar.bz2 | |
* autoload.cc: Add load statemant for SetSecurityDescriptorControl.
* security.cc (alloc_sd): Always set SE_DACL_PROTECTED flag on
Win2K and higher.
Diffstat (limited to 'winsup/cygwin')
| -rw-r--r-- | winsup/cygwin/ChangeLog | 6 | ||||
| -rw-r--r-- | winsup/cygwin/autoload.cc | 1 | ||||
| -rw-r--r-- | winsup/cygwin/security.cc | 15 |
3 files changed, 22 insertions, 0 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index aeeec00..b5795c6 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,9 @@ +Wed Dec 20 13:37:00 2000 Corinna Vinschen <corinna@vinschen.de> + + * autoload.cc: Add load statemant for SetSecurityDescriptorControl. + * security.cc (alloc_sd): Always set SE_DACL_PROTECTED flag on + Win2K and higher. + Wed Dec 20 01:02:13 2000 Christopher Faylor <cgf@cygnus.com> * exceptions.cc (reset_signal_arrived): Make global to avoid inlining. diff --git a/winsup/cygwin/autoload.cc b/winsup/cygwin/autoload.cc index 77c3724..83081b7 100644 --- a/winsup/cygwin/autoload.cc +++ b/winsup/cygwin/autoload.cc @@ -228,6 +228,7 @@ LoadDLLfunc (RegisterEventSourceA, 8, advapi32) LoadDLLfunc (ReportEventA, 36, advapi32) LoadDLLfunc (RevertToSelf, 0, advapi32) LoadDLLfunc (SetKernelObjectSecurity, 12, advapi32) +LoadDLLfunc (SetSecurityDescriptorControl, 12, advapi32) LoadDLLfunc (SetSecurityDescriptorDacl, 16, advapi32) LoadDLLfunc (SetSecurityDescriptorGroup, 12, advapi32) LoadDLLfunc (SetSecurityDescriptorOwner, 12, advapi32) diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 67caf68..f5cb813 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -915,6 +915,21 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute, return NULL; } + /* + * We set the SE_DACL_PROTECTED flag here to prevent the DACL from being modified + * by inheritable ACEs. + * This flag as well as the SetSecurityDescriptorControl call are available only + * since Win2K. + */ + static int win2KorHigher = -1; + if (win2KorHigher == -1) + { + DWORD version = GetVersion (); + win2KorHigher = (version & 0x80000000) || (version & 0xff) < 5 ? 0 : 1; + } + if (win2KorHigher > 0) + SetSecurityDescriptorControl (&sd, SE_DACL_PROTECTED, SE_DACL_PROTECTED); + /* Create owner for local security descriptor. */ if (! SetSecurityDescriptorOwner(&sd, owner_sid, FALSE)) { |