aboutsummaryrefslogtreecommitdiff
path: root/winsup
diff options
context:
space:
mode:
authorCorinna Vinschen <corinna@vinschen.de>2004-02-06 10:37:37 +0000
committerCorinna Vinschen <corinna@vinschen.de>2004-02-06 10:37:37 +0000
commit043878df18006f7243ae2547bcb0c9c43404fa82 (patch)
tree9098f5273fe63ddfcb7fca66017e81d28eceb3e5 /winsup
parent4ea8488c702529fd5e5bd32c2e7b624be8bad81b (diff)
downloadnewlib-043878df18006f7243ae2547bcb0c9c43404fa82.zip
newlib-043878df18006f7243ae2547bcb0c9c43404fa82.tar.gz
newlib-043878df18006f7243ae2547bcb0c9c43404fa82.tar.bz2
* uinfo.cc (cygheap_user::init): Use sec_user_nih to build a
security descriptor. Set both the process and the default DACLs. * fork.cc (fork_parent): Use sec_none_nih security attributes. * spawn.cc (spawn_guts): Ditto.
Diffstat (limited to 'winsup')
-rw-r--r--winsup/cygwin/ChangeLog7
-rw-r--r--winsup/cygwin/fork.cc6
-rw-r--r--winsup/cygwin/spawn.cc15
-rw-r--r--winsup/cygwin/uinfo.cc45
4 files changed, 30 insertions, 43 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index e467112..0aac1ab 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,10 @@
+2004-02-06 Pierre Humblet <pierre.humblet@ieee.org>
+
+ * uinfo.cc (cygheap_user::init): Use sec_user_nih to build a
+ security descriptor. Set both the process and the default DACLs.
+ * fork.cc (fork_parent): Use sec_none_nih security attributes.
+ * spawn.cc (spawn_guts): Ditto.
+
2004-02-05 Christopher Faylor <cgf@redhat.com>
* cygwin.din: Make many more functions SIGFE.
diff --git a/winsup/cygwin/fork.cc b/winsup/cygwin/fork.cc
index 681675a..8a5e5bf 100644
--- a/winsup/cygwin/fork.cc
+++ b/winsup/cygwin/fork.cc
@@ -456,8 +456,6 @@ fork_parent (HANDLE& hParent, dll *&first_dll,
out:
#endif
- char sa_buf[1024];
- PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf);
syscall_printf ("CreateProcess (%s, %s, 0, 0, 1, %x, 0, 0, %p, %p)",
myself->progname, myself->progname, c_flags, &si, &pi);
__malloc_lock ();
@@ -465,8 +463,8 @@ fork_parent (HANDLE& hParent, dll *&first_dll,
newheap = cygheap_setup_for_child (&ch, cygheap->fdtab.need_fixup_before ());
rc = CreateProcess (myself->progname, /* image to run */
myself->progname, /* what we send in arg0 */
- sec_attribs,
- sec_attribs,
+ &sec_none_nih,
+ &sec_none_nih,
TRUE, /* inherit handles from parent */
c_flags,
NULL, /* environment filled in later */
diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc
index e5246b8..bfb94bd 100644
--- a/winsup/cygwin/spawn.cc
+++ b/winsup/cygwin/spawn.cc
@@ -639,8 +639,6 @@ spawn_guts (const char * prog_arg, const char *const *argv,
syscall_printf ("null_app_name %d (%s, %.9500s)", null_app_name, runpath, one_line.buf);
void *newheap;
- /* Preallocated buffer for `sec_user' call */
- char sa_buf[1024];
cygbench ("spawn-guts");
@@ -656,14 +654,13 @@ spawn_guts (const char * prog_arg, const char *const *argv,
&& cygheap->user.saved_gid == cygheap->user.real_gid
&& !cygheap->user.groups.issetgroups ()))
{
- PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf);
ciresrv.moreinfo->envp = build_env (envp, envblock, ciresrv.moreinfo->envc,
real_path.iscygexec ());
newheap = cygheap_setup_for_child (&ciresrv, cygheap->fdtab.need_fixup_before ());
rc = CreateProcess (runpath, /* image name - with full path */
one_line.buf, /* what was passed to exec */
- sec_attribs, /* process security attrs */
- sec_attribs, /* thread security attrs */
+ &sec_none_nih,/* process security attrs */
+ &sec_none_nih,/* thread security attrs */
TRUE, /* inherit handles from parent */
flags,
envblock, /* environment */
@@ -673,14 +670,10 @@ spawn_guts (const char * prog_arg, const char *const *argv,
}
else
{
- PSID sid = cygheap->user.sid ();
/* Give access to myself */
if (mode == _P_OVERLAY)
myself.set_acl();
- /* Set security attributes with sid */
- PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid);
-
/* allow the child to interact with our window station/desktop */
HANDLE hwst, hdsk;
SECURITY_INFORMATION dsi = DACL_SECURITY_INFORMATION;
@@ -704,8 +697,8 @@ spawn_guts (const char * prog_arg, const char *const *argv,
rc = CreateProcessAsUser (cygheap->user.token (),
runpath, /* image name - with full path */
one_line.buf, /* what was passed to exec */
- sec_attribs, /* process security attrs */
- sec_attribs, /* thread security attrs */
+ &sec_none_nih, /* process security attrs */
+ &sec_none_nih, /* thread security attrs */
TRUE, /* inherit handles from parent */
flags,
envblock, /* environment */
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index 81dd7f4..62ed0f2 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -46,8 +46,7 @@ cygheap_user::init ()
HANDLE ptok;
DWORD siz;
- char pdacl_buf [sizeof (PTOKEN_DEFAULT_DACL) + ACL_DEFAULT_SIZE];
- PTOKEN_DEFAULT_DACL pdacl = (PTOKEN_DEFAULT_DACL) pdacl_buf;
+ PSECURITY_DESCRIPTOR psd;
if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_DEFAULT | TOKEN_QUERY,
&ptok))
@@ -70,34 +69,24 @@ cygheap_user::init ()
if (!SetTokenInformation (ptok, TokenOwner, &effec_cygsid, sizeof (cygsid)))
debug_printf ("SetTokenInformation(TokenOwner): %E");
- /* Add the user in the default DACL if needed */
- if (!GetTokenInformation (ptok, TokenDefaultDacl, pdacl, sizeof (pdacl_buf), &siz))
- system_printf ("GetTokenInformation (TokenDefaultDacl): %E");
- else if (pdacl->DefaultDacl) /* Running with security */
+ /* Standard way to build a security descriptor with the usual DACL */
+ char sa_buf[1024];
+ psd = (PSECURITY_DESCRIPTOR) (sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor;
+
+ BOOL acl_exists, dummy;
+ TOKEN_DEFAULT_DACL dacl;
+ if (GetSecurityDescriptorDacl (psd, &acl_exists,
+ &dacl.DefaultDacl, &dummy)
+ && acl_exists && dacl.DefaultDacl)
{
- PACL pAcl = pdacl->DefaultDacl;
- PACCESS_ALLOWED_ACE pAce;
-
- for (int i = 0; i < pAcl->AceCount; i++)
- {
- if (!GetAce (pAcl, i, (LPVOID *) &pAce))
- system_printf ("GetAce: %E");
- else if (pAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE
- && effec_cygsid == &pAce->SidStart)
- goto out;
- }
- pAcl->AclSize = &pdacl_buf[sizeof (pdacl_buf)] - (char *) pAcl;
- if (!AddAccessAllowedAce (pAcl, ACL_REVISION, GENERIC_ALL, effec_cygsid))
- system_printf ("AddAccessAllowedAce: %E");
- else if (FindFirstFreeAce (pAcl, (LPVOID *) &pAce), !(pAce))
- debug_printf ("FindFirstFreeAce %E");
- else
- {
- pAcl->AclSize = (char *) pAce - (char *) pAcl;
- if (!SetTokenInformation (ptok, TokenDefaultDacl, pdacl, sizeof (* pdacl)))
- system_printf ("SetTokenInformation (TokenDefaultDacl): %E");
- }
+ /* Set the default DACL and the process DACL */
+ if (!SetTokenInformation (ptok, TokenDefaultDacl, &dacl, sizeof (dacl)))
+ system_printf ("SetTokenInformation (TokenDefaultDacl): %E");
+ if (!SetKernelObjectSecurity (hMainProc, DACL_SECURITY_INFORMATION, psd))
+ system_printf ("SetKernelObjectSecurity: %E");
}
+ else
+ system_printf("Cannot get dacl: %E");
out:
CloseHandle (ptok);
}