* fork.cc (fork_parent): Use sec_user_nih to control process/thread

inheritance/permission.
* spawn.cc (spawn_guts): Ditto.
* security.cc (create_token): Initialize token so that it is not tested for
bogus value later.  Use sec_user to control process/thread creation.
* security.h (__sec_user): Rename declaration from sec_user.
(sec_user_nih): Declare here as inline function wrapper for __sec_user.
(sec_user): Ditto.
* sigproc.cc (czombies): Allocate a character array for zombies to avoid
constructor overhead
(extremely hackish, I know).
(cpchildren): Ditto.
(pchildren): New define.
(zombies): Ditto.
(getsem): Use sec_user_nih to control semaphore inheritance/permission.

7 files changed, 47 insertions, 24 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 66a732e17..d1be50463 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,22 @@
+2002-02-19  Christopher Faylor  <cgf@redhat.com>
+
+	* fork.cc (fork_parent): Use sec_user_nih to control process/thread
+	inheritance/permission.
+	* spawn.cc (spawn_guts): Ditto.
+	* security.cc (create_token): Initialize token so that it is not tested
+	for bogus value later.  Use sec_user to control process/thread
+	creation.
+	* security.h (__sec_user): Rename declaration from sec_user.
+	(sec_user_nih): Declare here as inline function wrapper for __sec_user.
+	(sec_user): Ditto.
+	* sigproc.cc (czombies): Allocate a character array for zombies to
+	avoid constructor overhead
+	(extremely hackish, I know).
+	(cpchildren): Ditto.
+	(pchildren): New define.
+	(zombies): Ditto.
+	(getsem): Use sec_user_nih to control semaphore inheritance/permission.
+
 2002-02-16  Christopher Faylor  <cgf@redhat.com>
 
 	* times.cc (hires::prime): Restore thread priority on failure
diff --git a/winsup/cygwin/fork.cc b/winsup/cygwin/fork.cc
index 8aa21a35c..1927a5647 100644
--- a/winsup/cygwin/fork.cc
+++ b/winsup/cygwin/fork.cc
@@ -470,8 +470,8 @@ fork_parent (HANDLE& hParent, dll *&first_dll,
   newheap = cygheap_setup_for_child (&ch,cygheap->fdtab.need_fixup_before ());
   rc = CreateProcess (myself->progname, /* image to run */
 		      myself->progname, /* what we send in arg0 */
-		      allow_ntsec ? sec_user (sa_buf) : &sec_none_nih,
-		      allow_ntsec ? sec_user (sa_buf) : &sec_none_nih,
+		      sec_user_nih (sa_buf),
+		      sec_user_nih (sa_buf),
 		      TRUE,	  /* inherit handles from parent */
 		      c_flags,
 		      NULL,	  /* environment filled in later */
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 863b036c3..b33360d1a 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -726,7 +726,7 @@ create_token (cygsid &usersid, cygsid &pgrpsid)
   source.SourceIdentifier.HighPart = 0;
   source.SourceIdentifier.LowPart = 0x0101;
 
-  HANDLE token;
+  HANDLE token = INVALID_HANDLE_VALUE;
   HANDLE primary_token = INVALID_HANDLE_VALUE;
 
   HANDLE my_token = INVALID_HANDLE_VALUE;
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index 3dbcc87b2..0c3cbc987 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -199,8 +199,20 @@ SECURITY_DESCRIPTOR *__stdcall get_null_sd (void);
 
 /* Various types of security attributes for use in Create* functions. */
 extern SECURITY_ATTRIBUTES sec_none, sec_none_nih, sec_all, sec_all_nih;
-extern SECURITY_ATTRIBUTES *__stdcall sec_user (PVOID sa_buf, PSID sid2 = NULL, BOOL inherit = TRUE);
-extern SECURITY_ATTRIBUTES *__stdcall sec_user_nih (PVOID sa_buf, PSID sid2 = NULL);
+extern SECURITY_ATTRIBUTES *__stdcall __sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
+  __attribute__ ((regparm (3)));
 
 int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int len);
 BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len);
+
+extern inline SECURITY_ATTRIBUTES *
+sec_user_nih (char sa_buf[], PSID sid = NULL)
+{
+  return allow_ntsec ? __sec_user (sa_buf, sid, FALSE) : &sec_none_nih;
+}
+
+extern inline SECURITY_ATTRIBUTES *
+sec_user (char sa_buf[], PSID sid = NULL)
+{
+  return allow_ntsec ? __sec_user (sa_buf, sid, TRUE) : &sec_none_nih;
+}
diff --git a/winsup/cygwin/shared.cc b/winsup/cygwin/shared.cc
index 7b21e1387..5f1bc1fdd 100644
--- a/winsup/cygwin/shared.cc
+++ b/winsup/cygwin/shared.cc
@@ -237,11 +237,8 @@ get_null_sd ()
 }
 
 PSECURITY_ATTRIBUTES __stdcall
-sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
+__sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
 {
-  if (!sa_buf)
-    return inherit ? &sec_none : &sec_none_nih;
-
   PSECURITY_ATTRIBUTES psa = (PSECURITY_ATTRIBUTES) sa_buf;
   PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR)
 			     ((char *) sa_buf + sizeof (*psa));
@@ -314,9 +311,3 @@ sec_user (PVOID sa_buf, PSID sid2, BOOL inherit)
   psa->bInheritHandle = inherit;
   return psa;
 }
-
-SECURITY_ATTRIBUTES *__stdcall
-sec_user_nih (PVOID sa_buf, PSID sid2)
-{
-  return sec_user (sa_buf, sid2, FALSE);
-}
diff --git a/winsup/cygwin/sigproc.cc b/winsup/cygwin/sigproc.cc
index f0a31131c..573e4f581 100644
--- a/winsup/cygwin/sigproc.cc
+++ b/winsup/cygwin/sigproc.cc
@@ -103,11 +103,14 @@ Static HANDLE wait_sig_inited = NULL;	// Control synchronization of
  */
 Static HANDLE events[PSIZE + 1] = {0};  // All my children's handles++
 #define hchildren (events + 1)		// Where the children handles begin
-Static pinfo pchildren[PSIZE];		// All my children info
+Static char cpchildren[PSIZE * sizeof (pinfo)];		// All my children info
 Static int nchildren = 0;		// Number of active children
-Static pinfo zombies[NZOMBIES];		// All my deceased children info
+Static char czombies[NZOMBIES * sizeof (pinfo)];		// All my deceased children info
 Static int nzombies = 0;		// Number of deceased children
 
+#define pchildren ((pinfo *) cpchildren)
+#define zombies ((pinfo *) czombies)
+
 Static waitq waitq_head = {0, 0, 0, 0, 0, 0, 0};// Start of queue for wait'ing threads
 Static waitq waitq_main;		// Storage for main thread
 
@@ -939,8 +942,8 @@ getsem (_pinfo *p, const char *str, int init, int max)
       char sa_buf[1024];
 
       DWORD winpid = GetCurrentProcessId ();
-      h = CreateSemaphore (allow_ntsec ? sec_user_nih (sa_buf) : &sec_none_nih,
-			   init, max, str = shared_name (str, winpid));
+      h = CreateSemaphore (sec_user_nih (sa_buf), init, max,
+			   str = shared_name (str, winpid));
       p = myself;
       if (!h)
 	{
diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc
index 1818d0ac7..b5dc670ce 100644
--- a/winsup/cygwin/spawn.cc
+++ b/winsup/cygwin/spawn.cc
@@ -635,9 +635,9 @@ spawn_guts (HANDLE hToken, const char * prog_arg, const char *const *argv,
       rc = CreateProcess (runpath,	/* image name - with full path */
 			  one_line.buf,	/* what was passed to exec */
 					  /* process security attrs */
-			  allow_ntsec ? sec_user (sa_buf) : &sec_all_nih,
+			  sec_user_nih (sa_buf),
 					  /* thread security attrs */
-			  allow_ntsec ? sec_user (sa_buf) : &sec_all_nih,
+			  sec_user_nih (sa_buf),
 			  TRUE,	/* inherit handles from parent */
 			  flags,
 			  envblock,/* environment */
@@ -656,9 +656,7 @@ spawn_guts (HANDLE hToken, const char * prog_arg, const char *const *argv,
 	}
       /* Retrieve security attributes before setting psid to NULL
 	 since it's value is needed by `sec_user'. */
-      PSECURITY_ATTRIBUTES sec_attribs = allow_ntsec && sid
-					 ? sec_user (sa_buf, sid)
-					 : &sec_all_nih;
+      PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, sid);
 
       /* Remove impersonation */
       if (cygheap->user.impersonated