2003-09-26 Pierre Humblet <pierre.humblet@ieee.org>

	* pinfo.h (pinfo::set_acl): Declare.
	* pinfo.cc (pinfo_fixup_after_fork): Duplicate with no rights.
	(pinfo::set_acl): New.
	* spawn.cc (spawn_guts): Call myself.set_acl.

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 3f4467ac306d24e35c850df3bb50427201c4b6ad..485dd7729ef044be372fc112796a28ee42eba965 100644 (file)
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,10 @@
+2003-09-26  Pierre Humblet <pierre.humblet@ieee.org>
+
+       * pinfo.h (pinfo::set_acl): Declare.
+       * pinfo.cc (pinfo_fixup_after_fork): Duplicate with no rights.
+       (pinfo::set_acl): New.
+       * spawn.cc (spawn_guts): Call myself.set_acl.
+
 2003-09-26  Pierre Humblet <pierre.humblet@ieee.org>
 
        * uinfo.cc (cygheap_user::init): Make sure the current user appears

diff --git a/winsup/cygwin/pinfo.cc b/winsup/cygwin/pinfo.cc
index 884b994a34f7f6f971b4dd6d7b6f17ce04e0be22..0967215e71316097f87ee933fac779dece49f09f 100644 (file)
--- a/winsup/cygwin/pinfo.cc
+++ b/winsup/cygwin/pinfo.cc
@@ -42,9 +42,9 @@ pinfo_fixup_after_fork ()
 {
   if (hexec_proc)
     CloseHandle (hexec_proc);
-
+  /* Keeps the cygpid from being reused. No rights required */
   if (!DuplicateHandle (hMainProc, hMainProc, hMainProc, &hexec_proc, 0,
-                       TRUE, DUPLICATE_SAME_ACCESS))
+                       TRUE, 0))
     {
       system_printf ("couldn't save current process handle %p, %E", hMainProc);
       hexec_proc = NULL;
@@ -238,6 +238,22 @@ pinfo::init (pid_t n, DWORD flag, HANDLE in_h)
   destroy = 1;
 }
 
+void
+pinfo::set_acl()
+{
+  char sa_buf[1024];
+  SECURITY_DESCRIPTOR sd;
+  
+  sec_acl ((PACL) sa_buf, true, true, cygheap->user.sid (), 
+          well_known_world_sid, FILE_MAP_READ);
+  if (!InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION))
+    debug_printf("InitializeSecurityDescriptor %E");
+  else if (!SetSecurityDescriptorDacl(&sd, TRUE, (PACL) sa_buf, FALSE)) 
+    debug_printf("SetSecurityDescriptorDacl %E");
+  else if (!SetKernelObjectSecurity(h, DACL_SECURITY_INFORMATION, &sd))
+    debug_printf ("SetKernelObjectSecurity %E");
+}
+
 bool
 _pinfo::alive ()
 {

diff --git a/winsup/cygwin/pinfo.h b/winsup/cygwin/pinfo.h
index 0556946c66e5013986cda2aa6f7e3da0ed813da1..4988ca7744469f8f3fa9cca87e8b56626c846450 100644 (file)
--- a/winsup/cygwin/pinfo.h
+++ b/winsup/cygwin/pinfo.h
@@ -176,6 +176,7 @@ public:
   }
 #endif
   HANDLE shared_handle () {return h;}
+  void set_acl();
 };
 
 #define ISSTATE(p, f)  (!!((p)->process_state & f))

diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc
index ce61c22d547555ae6d30079226a80c1323cbc9bb..ab749d6086cb8a51d58409a39fa97a257dbcd951 100644 (file)
--- a/winsup/cygwin/spawn.cc
+++ b/winsup/cygwin/spawn.cc
@@ -679,6 +679,9 @@ spawn_guts (const char * prog_arg, const char *const *argv,
   else
     {
       PSID sid = cygheap->user.sid ();
+      /* Give access to myself */
+      if (mode == _P_OVERLAY)
+       myself.set_acl();
 
       /* Set security attributes with sid */
       PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid);