* fork.cc (fork_parent): Use sec_user_nih to control process/thread

inheritance/permission.
* spawn.cc (spawn_guts): Ditto.
* security.cc (create_token): Initialize token so that it is not tested for
bogus value later.  Use sec_user to control process/thread creation.
* security.h (__sec_user): Rename declaration from sec_user.
(sec_user_nih): Declare here as inline function wrapper for __sec_user.
(sec_user): Ditto.
* sigproc.cc (czombies): Allocate a character array for zombies to avoid
constructor overhead
(extremely hackish, I know).
(cpchildren): Ditto.
(pchildren): New define.
(zombies): Ditto.
(getsem): Use sec_user_nih to control semaphore inheritance/permission.

1 files changed, 14 insertions, 2 deletions

diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index 3dbcc87b2..0c3cbc987 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -199,8 +199,20 @@ SECURITY_DESCRIPTOR *__stdcall get_null_sd (void);
 
 /* Various types of security attributes for use in Create* functions. */
 extern SECURITY_ATTRIBUTES sec_none, sec_none_nih, sec_all, sec_all_nih;
-extern SECURITY_ATTRIBUTES *__stdcall sec_user (PVOID sa_buf, PSID sid2 = NULL, BOOL inherit = TRUE);
-extern SECURITY_ATTRIBUTES *__stdcall sec_user_nih (PVOID sa_buf, PSID sid2 = NULL);
+extern SECURITY_ATTRIBUTES *__stdcall __sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
+  __attribute__ ((regparm (3)));
 
 int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int len);
 BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len);
+
+extern inline SECURITY_ATTRIBUTES *
+sec_user_nih (char sa_buf[], PSID sid = NULL)
+{
+  return allow_ntsec ? __sec_user (sa_buf, sid, FALSE) : &sec_none_nih;
+}
+
+extern inline SECURITY_ATTRIBUTES *
+sec_user (char sa_buf[], PSID sid = NULL)
+{
+  return allow_ntsec ? __sec_user (sa_buf, sid, TRUE) : &sec_none_nih;
+}