Cygwin: fork/exec: Allow all users PROCESS_QUERY_LIMITED_INFORMATION

Create process with standard rights, plus
PROCESS_QUERY_LIMITED_INFORMATION for authenticated users.  This
allows to fetch basic process information and thus /proc/<PID>/stat
to succeed on foreign processes.

While at it, fix formatting in CreateProcess calls.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

winsup/cygwin/fork.cc

@@ -318,6 +318,13 @@ frok::parent (volatile char * volatile stack_here)
 
   ch.silentfail (!*with_forkables); /* fail silently without forkables */
 
+  tmp_pathbuf tp;
+  PSECURITY_ATTRIBUTES sa = (PSECURITY_ATTRIBUTES) tp.w_get ();
+  if (!sec_user_nih (sa, cygheap->user.saved_sid (),
+		     well_known_authenticated_users_sid,
+		     PROCESS_QUERY_LIMITED_INFORMATION))
+    sa = &sec_none_nih;
+
   while (1)
     {
       PCWCHAR forking_progname = NULL;
@@ -339,12 +346,12 @@ frok::parent (volatile char * volatile stack_here)
 						   sure child stack is allocated
 						   in the same memory location
 						   as in parent. */
-			   &sec_none_nih,
+			   sa,
-			   &sec_none_nih,
+			   sa,
-			   TRUE,		/* inherit handles from parent */
+			   TRUE,		/* inherit handles */
 			   c_flags,
-			   NULL,		/* environment filled in later */
+			   NULL,		/* environ filled in later */
-			   0,	  		/* use current drive/directory */
+			   0,			/* use cwd */
 			   &si,
 			   &pi);
 

winsup/cygwin/spawn.cc

@@ -566,6 +566,12 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv,
 	SetHandleInformation (my_wr_proc_pipe, HANDLE_FLAG_INHERIT, 0);
       parent_winpid = GetCurrentProcessId ();
 
+      PSECURITY_ATTRIBUTES sa = (PSECURITY_ATTRIBUTES) tp.w_get ();
+      if (!sec_user_nih (sa, cygheap->user.sid (),
+			 well_known_authenticated_users_sid,
+			 PROCESS_QUERY_LIMITED_INFORMATION))
+	sa = &sec_none_nih;
+
     loop:
       /* When ruid != euid we create the new process under the current original
 	 account and impersonate in child, this way maintaining the different
@@ -586,13 +592,13 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv,
 	      && !::cygheap->user.groups.issetgroups ()
 	      && !::cygheap->user.setuid_to_restricted))
 	{
-	  rc = CreateProcessW (runpath,	  /* image name - with full path */
+	  rc = CreateProcessW (runpath,		/* image name w/ full path */
-			       cmd.wcs (wcmd),/* what was passed to exec */
+			       cmd.wcs (wcmd),	/* what was passed to exec */
-			       &sec_none_nih, /* process security attrs */
+			       sa,		/* process security attrs */
-			       &sec_none_nih, /* thread security attrs */
+			       sa,		/* thread security attrs */
-			       TRUE,	  /* inherit handles from parent */
+			       TRUE,		/* inherit handles */
 			       c_flags,
-			       envblock,	  /* environment */
+			       envblock,	/* environment */
 			       NULL,
 			       &si,
 			       &pi);
@@ -640,13 +646,13 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv,
 	    }
 
 	  rc = CreateProcessAsUserW (::cygheap->user.primary_token (),
-			       runpath,	  /* image name - with full path */
+			       runpath,		/* image name w/ full path */
-			       cmd.wcs (wcmd),/* what was passed to exec */
+			       cmd.wcs (wcmd),	/* what was passed to exec */
-			       &sec_none_nih, /* process security attrs */
+			       sa,		/* process security attrs */
-			       &sec_none_nih, /* thread security attrs */
+			       sa,		/* thread security attrs */
-			       TRUE,	  /* inherit handles from parent */
+			       TRUE,		/* inherit handles */
 			       c_flags,
-			       envblock,	  /* environment */
+			       envblock,	/* environment */
 			       NULL,
 			       &si,
 			       &pi);