[newlib-cygwin] Cygwin: fork/exec: Allow all users PROCESS_QUERY_LIMITED_INFORMATION

Corinna Vinschen corinna@sourceware.org
Tue Mar 12 10:48:00 GMT 2019


https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=24f9cb015ea011b43f9c4b865c98b61be731487f

commit 24f9cb015ea011b43f9c4b865c98b61be731487f
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Tue Mar 12 11:41:35 2019 +0100

    Cygwin: fork/exec: Allow all users PROCESS_QUERY_LIMITED_INFORMATION
    
    Create process with standard rights, plus
    PROCESS_QUERY_LIMITED_INFORMATION for authenticated users.  This
    allows fetching basic process information, so that /proc/<PID>/stat
    succeeds on foreign processes.
    
    While at it, fix formatting in CreateProcess calls.
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/fork.cc  | 17 ++++++++++++-----
 winsup/cygwin/spawn.cc | 30 ++++++++++++++++++------------
 2 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/winsup/cygwin/fork.cc b/winsup/cygwin/fork.cc
index 7ae0404..74ee9ac 100644
--- a/winsup/cygwin/fork.cc
+++ b/winsup/cygwin/fork.cc
@@ -318,6 +318,13 @@ frok::parent (volatile char * volatile stack_here)
 
   ch.silentfail (!*with_forkables); /* fail silently without forkables */
 
+  tmp_pathbuf tp;
+  PSECURITY_ATTRIBUTES sa = (PSECURITY_ATTRIBUTES) tp.w_get ();
+  if (!sec_user_nih (sa, cygheap->user.saved_sid (),
+		     well_known_authenticated_users_sid,
+		     PROCESS_QUERY_LIMITED_INFORMATION))
+    sa = &sec_none_nih;
+
   while (1)
     {
       PCWCHAR forking_progname = NULL;
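Review bot: When `sec_user_nih` fails, the added block falls back to `&sec_none_nih` without leaving any trace, so the only symptom would be /proc/<PID>/stat failing again on other users' processes. Falling back to the previous behaviour is the safe direction, but a `debug_printf ("sec_user_nih failed, using sec_none_nih");` before `sa = &sec_none_nih;` would make it diagnosable; the same applies to the near-identical block added in spawn.cc. A short comment above the block, for example `/* Grant authenticated users PROCESS_QUERY_LIMITED_INFORMATION only, so /proc/<PID>/stat works on foreign processes. */`, would also record that the wider DACL is deliberate and limited to that one right. frok::parent starts and ends outside this hunk.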
@@ -339,12 +346,12 @@ frok::parent (volatile char * volatile stack_here)
 						   sure child stack is allocated
 						   in the same memory location
 						   as in parent. */
-			   &sec_none_nih,
-			   &sec_none_nih,
-			   TRUE,		/* inherit handles from parent */
+			   sa,
+			   sa,
+			   TRUE,		/* inherit handles */
 			   c_flags,
-			   NULL,		/* environment filled in later */
-			   0,	  		/* use current drive/directory */
+			   NULL,		/* environ filled in later */
+			   0,			/* use cwd */
 			   &si,
 			   &pi);
 
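Review bot: The same `sa` is now passed as both the process and the thread security attributes, but the mask it was built with, `PROCESS_QUERY_LIMITED_INFORMATION`, is a process-specific right. Object-specific access bits are interpreted per object type, so in the primary thread's DACL that bit value would stand for a thread right rather than a query right (in winnt.h the value 0x1000 is, as far as I can tell, THREAD_RESUME), which is not what the commit message describes. Unless thread access for authenticated users is intended, keep the thread argument as `&sec_none_nih,` and pass `sa` only as the process attribute. The CreateProcessW and CreateProcessAsUserW calls in spawn.cc follow the same pattern. The call itself begins above this hunk.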
diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc
index ebc34d1..4e549f7 100644
--- a/winsup/cygwin/spawn.cc
+++ b/winsup/cygwin/spawn.cc
@@ -566,6 +566,12 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv,
 	SetHandleInformation (my_wr_proc_pipe, HANDLE_FLAG_INHERIT, 0);
       parent_winpid = GetCurrentProcessId ();
 
+      PSECURITY_ATTRIBUTES sa = (PSECURITY_ATTRIBUTES) tp.w_get ();
+      if (!sec_user_nih (sa, cygheap->user.sid (),
+			 well_known_authenticated_users_sid,
+			 PROCESS_QUERY_LIMITED_INFORMATION))
+	sa = &sec_none_nih;
+
     loop:
       /* When ruid != euid we create the new process under the current original
 	 account and impersonate in child, this way maintaining the different
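Review bot: This block builds the descriptor from `cygheap->user.sid ()`, while the otherwise identical block in fork.cc uses `cygheap->user.saved_sid ()`, and neither hunk says why they differ. `sa` is computed once before `loop:` and then used by both the CreateProcessW and the CreateProcessAsUserW call, and the comment just below suggests the account the child is created under can differ from the effective user. It is worth confirming that the SID in the DACL matches the account that ends up owning the process on each path. A comment such as `/* DACL uses sid () here (fork.cc uses saved_sid ()) because <reason>. */` would settle the question for the next reader. child_info_spawn::worker starts and ends outside this hunk.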
@@ -586,13 +592,13 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv,
 	      && !::cygheap->user.groups.issetgroups ()
 	      && !::cygheap->user.setuid_to_restricted))
 	{
-	  rc = CreateProcessW (runpath,	  /* image name - with full path */
-			       cmd.wcs (wcmd),/* what was passed to exec */
-			       &sec_none_nih, /* process security attrs */
-			       &sec_none_nih, /* thread security attrs */
-			       TRUE,	  /* inherit handles from parent */
+	  rc = CreateProcessW (runpath,		/* image name w/ full path */
+			       cmd.wcs (wcmd),	/* what was passed to exec */
+			       sa,		/* process security attrs */
+			       sa,		/* thread security attrs */
+			       TRUE,		/* inherit handles */
 			       c_flags,
-			       envblock,	  /* environment */
+			       envblock,	/* environment */
 			       NULL,
 			       &si,
 			       &pi);
@@ -640,13 +646,13 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv,
 	    }
 
 	  rc = CreateProcessAsUserW (::cygheap->user.primary_token (),
-			       runpath,	  /* image name - with full path */
-			       cmd.wcs (wcmd),/* what was passed to exec */
-			       &sec_none_nih, /* process security attrs */
-			       &sec_none_nih, /* thread security attrs */
-			       TRUE,	  /* inherit handles from parent */
+			       runpath,		/* image name w/ full path */
+			       cmd.wcs (wcmd),	/* what was passed to exec */
+			       sa,		/* process security attrs */
+			       sa,		/* thread security attrs */
+			       TRUE,		/* inherit handles */
 			       c_flags,
-			       envblock,	  /* environment */
+			       envblock,	/* environment */
 			       NULL,
 			       &si,
 			       &pi);


