diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2019-01-29 22:37:00 +0300 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2019-01-29 22:37:00 +0300 |
| commit | 4d738e0f62403c3f1b082abf927aab00056230c5 (patch) | |
| tree | 03720baec7164389183cce562ed268cd421edb28 | |
| parent | 5a0f2c00aa019de73a6077ca3017b594c43184a4 (diff) | |
Cygwin: execve: reduce parent handle to non-inheritable SYNCHRONIZE
Keeping an inheritable handle open results in that handle being
spilled over into grandchild processes, which is not desired.
Duplicate original parent handle into a non-inheritable one with
minimal SYNCHRONIZE permissions and close the original handle.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
| -rw-r--r-- | winsup/cygwin/dcrt0.cc | 30 | ||||
| -rw-r--r-- | winsup/cygwin/sigproc.cc | 3 |
2 files changed, 25 insertions, 8 deletions
diff --git a/winsup/cygwin/dcrt0.cc b/winsup/cygwin/dcrt0.cc index 6b564dced..463df3128 100644 --- a/winsup/cygwin/dcrt0.cc +++ b/winsup/cygwin/dcrt0.cc @@ -685,14 +685,30 @@ child_info_spawn::handle_spawn () ready (true); - /* Keep pointer to parent open if we've execed so that pid will not be reused. - Otherwise, we no longer need this handle so close it. - Need to do this after debug_fixup_after_fork_exec or DEBUGGING handling of - handles might get confused. */ - if (type != _CH_EXEC && child_proc_info->parent) + if (child_proc_info->parent) { - CloseHandle (child_proc_info->parent); - child_proc_info->parent = NULL; + if (type == _CH_EXEC) + { + /* Keep pointer to parent open if we've execed so that pid will not be + reused. Try to Urther reduce permissions. */ + HANDLE new_parent; + + if (DuplicateHandle (GetCurrentProcess (), child_proc_info->parent, + GetCurrentProcess (), &new_parent, + SYNCHRONIZE, FALSE, 0)) + { + CloseHandle (child_proc_info->parent); + child_proc_info->parent = new_parent; + } + } + else + { + /* Otherwise, we no longer need this handle so close it. Need to do + this after debug_fixup_after_fork_exec or DEBUGGING handling of + handles might get confused. */ + CloseHandle (child_proc_info->parent); + child_proc_info->parent = NULL; + } } signal_fixup_after_exec (); diff --git a/winsup/cygwin/sigproc.cc b/winsup/cygwin/sigproc.cc index 42eeb304d..080fe58df 100644 --- a/winsup/cygwin/sigproc.cc +++ b/winsup/cygwin/sigproc.cc @@ -814,7 +814,8 @@ child_info::child_info (unsigned in_cb, child_info_types chtype, allow the child to copy cygheap etc. from the parent to itself. If we're forking, we also need handle duplicate access. */ parent = NULL; - DWORD perms = PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ; + DWORD perms = PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ + | SYNCHRONIZE; if (type == _CH_FORK) { perms |= PROCESS_DUP_HANDLE; |