diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2019-03-12 13:41:35 +0300 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2019-03-12 13:41:35 +0300 |
| commit | 24f9cb015ea011b43f9c4b865c98b61be731487f (patch) | |
| tree | 0c03db55117fcb3b02877f61694c16fea4e4fa81 | |
| parent | 57f1c81fb3e4a2581f5421350315755b07e509c8 (diff) | |
Cygwin: fork/exec: Allow all users PROCESS_QUERY_LIMITED_INFORMATION
Create process with standard rights, plus
PROCESS_QUERY_LIMITED_INFORMATION for authenticated users. This
allows to fetch basic process information and thus /proc/<PID>/stat
to succeed on foreign processes.
While at it, fix formatting in CreateProcess calls.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
| -rw-r--r-- | winsup/cygwin/fork.cc | 17 | ||||
| -rw-r--r-- | winsup/cygwin/spawn.cc | 30 |
2 files changed, 30 insertions, 17 deletions
diff --git a/winsup/cygwin/fork.cc b/winsup/cygwin/fork.cc index 7ae0404f4..74ee9acf4 100644 --- a/winsup/cygwin/fork.cc +++ b/winsup/cygwin/fork.cc @@ -318,6 +318,13 @@ frok::parent (volatile char * volatile stack_here) ch.silentfail (!*with_forkables); /* fail silently without forkables */ + tmp_pathbuf tp; + PSECURITY_ATTRIBUTES sa = (PSECURITY_ATTRIBUTES) tp.w_get (); + if (!sec_user_nih (sa, cygheap->user.saved_sid (), + well_known_authenticated_users_sid, + PROCESS_QUERY_LIMITED_INFORMATION)) + sa = &sec_none_nih; + while (1) { PCWCHAR forking_progname = NULL; @@ -339,12 +346,12 @@ frok::parent (volatile char * volatile stack_here) sure child stack is allocated in the same memory location as in parent. */ - &sec_none_nih, - &sec_none_nih, - TRUE, /* inherit handles from parent */ + sa, + sa, + TRUE, /* inherit handles */ c_flags, - NULL, /* environment filled in later */ - 0, /* use current drive/directory */ + NULL, /* environ filled in later */ + 0, /* use cwd */ &si, &pi); diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc index ebc34d105..4e549f7d4 100644 --- a/winsup/cygwin/spawn.cc +++ b/winsup/cygwin/spawn.cc @@ -566,6 +566,12 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv, SetHandleInformation (my_wr_proc_pipe, HANDLE_FLAG_INHERIT, 0); parent_winpid = GetCurrentProcessId (); + PSECURITY_ATTRIBUTES sa = (PSECURITY_ATTRIBUTES) tp.w_get (); + if (!sec_user_nih (sa, cygheap->user.sid (), + well_known_authenticated_users_sid, + PROCESS_QUERY_LIMITED_INFORMATION)) + sa = &sec_none_nih; + loop: /* When ruid != euid we create the new process under the current original account and impersonate in child, this way maintaining the different @@ -586,13 +592,13 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv, && !::cygheap->user.groups.issetgroups () && !::cygheap->user.setuid_to_restricted)) { - rc = CreateProcessW (runpath, /* image name - with full path */ - cmd.wcs (wcmd),/* what was passed to exec */ - &sec_none_nih, /* process security attrs */ - &sec_none_nih, /* thread security attrs */ - TRUE, /* inherit handles from parent */ + rc = CreateProcessW (runpath, /* image name w/ full path */ + cmd.wcs (wcmd), /* what was passed to exec */ + sa, /* process security attrs */ + sa, /* thread security attrs */ + TRUE, /* inherit handles */ c_flags, - envblock, /* environment */ + envblock, /* environment */ NULL, &si, &pi); @@ -640,13 +646,13 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv, } rc = CreateProcessAsUserW (::cygheap->user.primary_token (), - runpath, /* image name - with full path */ - cmd.wcs (wcmd),/* what was passed to exec */ - &sec_none_nih, /* process security attrs */ - &sec_none_nih, /* thread security attrs */ - TRUE, /* inherit handles from parent */ + runpath, /* image name w/ full path */ + cmd.wcs (wcmd), /* what was passed to exec */ + sa, /* process security attrs */ + sa, /* thread security attrs */ + TRUE, /* inherit handles */ c_flags, - envblock, /* environment */ + envblock, /* environment */ NULL, &si, &pi); |