diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2019-01-30 14:18:03 +0300 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2019-01-30 14:18:03 +0300 |
commit | ef8ce3077f55d5a105b39f605b877da50ab80aa7 (patch) | |
tree | de0e54aefdd07914263afb37a6edf6855728fe60 | |
parent | a52396bd079a22be539df4d63d42425413e0a51c (diff) |
Cygwin: fork: fix child process permissions, take 2
VirtualQueryEx, called by fixup_mmaps_after_fork, requires
PROCESS_QUERY_INFORMATION permissions per MSDN. However, testing
shows that PROCESS_QUERY_LIMITED_INFORMATION is sufficient when
running the same code on Windows 8.1 or Windows 10. Fix the code
to give the forked child always PROCESS_QUERY_INFORMATION perms
on Windows Vista/7 and respective server releases.
Revert now unneeded patch to check_token_membership as well.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
-rw-r--r-- | winsup/cygwin/security.h | 1 | ||||
-rw-r--r-- | winsup/cygwin/sigproc.cc | 10 | ||||
-rw-r--r-- | winsup/cygwin/uinfo.cc | 14 |
3 files changed, 8 insertions, 17 deletions
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index ec68171a3..70912b4fc 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -17,7 +17,6 @@ details. */ /* UID/GID */ void uinfo_init (); -bool check_token_membership (HANDLE, PSID); bool check_token_membership (PSID); #define ILLEGAL_UID ((uid_t)-1) diff --git a/winsup/cygwin/sigproc.cc b/winsup/cygwin/sigproc.cc index 080fe58df..a830bff79 100644 --- a/winsup/cygwin/sigproc.cc +++ b/winsup/cygwin/sigproc.cc @@ -819,12 +819,10 @@ child_info::child_info (unsigned in_cb, child_info_types chtype, if (type == _CH_FORK) { perms |= PROCESS_DUP_HANDLE; - /* For some reason fork on Windows 7 requires PROCESS_QUERY_INFORMATION - rather than just PROCESS_QUERY_LIMITED_INFORMATION when started as a - service. */ - if (wincap.needs_query_information () - && (cygheap->user.saved_sid () == well_known_system_sid - || check_token_membership (hProcToken, well_known_service_sid))) + /* VirtualQueryEx is documented to require PROCESS_QUERY_INFORMATION. + That's true for Windows 7, but PROCESS_QUERY_LIMITED_INFORMATION + appears to be sufficient on Windows 8 and later. */ + if (wincap.needs_query_information ()) perms |= PROCESS_QUERY_INFORMATION; } diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index 00a2b5abb..8dcf731de 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -118,13 +118,16 @@ cygheap_user::init () This needs careful checking should we use check_token_membership in other circumstances. */ bool -check_token_membership (HANDLE tok, PSID sid) +check_token_membership (PSID sid) { NTSTATUS status; ULONG size; tmp_pathbuf tp; PTOKEN_GROUPS groups = (PTOKEN_GROUPS) tp.w_get (); + /* If impersonated, use impersonation token. */ + HANDLE tok = cygheap->user.issetuid () ? cygheap->user.primary_token () + : hProcToken; status = NtQueryInformationToken (tok, TokenGroups, groups, 2 * NT_MAX_PATH, &size); if (!NT_SUCCESS (status)) @@ -139,15 +142,6 @@ check_token_membership (HANDLE tok, PSID sid) return false; } -bool -check_token_membership (PSID sid) -{ - /* If impersonated, use impersonation token. */ - HANDLE tok = cygheap->user.issetuid () ? cygheap->user.primary_token () - : hProcToken; - return check_token_membership (tok, sid); -} - static void internal_getlogin (cygheap_user &user) { |