From 4d738e0f62403c3f1b082abf927aab00056230c5 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Tue, 29 Jan 2019 20:37:00 +0100
Subject: [PATCH] Cygwin: execve: reduce parent handle to non-inheritable
 SYNCHRONIZE

Keeping an inheritable handle open results in that handle being
spilled over into grandchild processes, which is not desired.
Duplicate original parent handle into a non-inheritable one with
minimal SYNCHRONIZE permissions and close the original handle.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
---
 winsup/cygwin/dcrt0.cc   | 30 +++++++++++++++++++++++-------
 winsup/cygwin/sigproc.cc |  3 ++-
 2 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/winsup/cygwin/dcrt0.cc b/winsup/cygwin/dcrt0.cc
index 6b564dced..463df3128 100644
--- a/winsup/cygwin/dcrt0.cc
+++ b/winsup/cygwin/dcrt0.cc
@@ -685,14 +685,30 @@ child_info_spawn::handle_spawn ()
 
   ready (true);
 
-  /* Keep pointer to parent open if we've execed so that pid will not be reused.
-     Otherwise, we no longer need this handle so close it.
-     Need to do this after debug_fixup_after_fork_exec or DEBUGGING handling of
-     handles might get confused. */
-  if (type != _CH_EXEC && child_proc_info->parent)
+  if (child_proc_info->parent)
     {
-      CloseHandle (child_proc_info->parent);
-      child_proc_info->parent = NULL;
+      if (type == _CH_EXEC)
+	{
+	  /* Keep pointer to parent open if we've execed so that pid will not be
+	     reused.  Try to Urther reduce permissions. */
+	  HANDLE new_parent;
+
+	  if (DuplicateHandle (GetCurrentProcess (), child_proc_info->parent,
+			       GetCurrentProcess (), &new_parent,
+			       SYNCHRONIZE, FALSE, 0))
+	    {
+	      CloseHandle (child_proc_info->parent);
+	      child_proc_info->parent = new_parent;
+	    }
+	}
+      else
+	{
+	  /* Otherwise, we no longer need this handle so close it.  Need to do
+	     this after debug_fixup_after_fork_exec or DEBUGGING handling of
+	     handles might get confused. */
+	  CloseHandle (child_proc_info->parent);
+	  child_proc_info->parent = NULL;
+	}
     }
 
   signal_fixup_after_exec ();
diff --git a/winsup/cygwin/sigproc.cc b/winsup/cygwin/sigproc.cc
index 42eeb304d..080fe58df 100644
--- a/winsup/cygwin/sigproc.cc
+++ b/winsup/cygwin/sigproc.cc
@@ -814,7 +814,8 @@ child_info::child_info (unsigned in_cb, child_info_types chtype,
      allow the child to copy cygheap etc. from the parent to itself.  If
      we're forking, we also need handle duplicate access. */
   parent = NULL;
-  DWORD perms = PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ;
+  DWORD perms = PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ
+		| SYNCHRONIZE;
   if (type == _CH_FORK)
     {
       perms |= PROCESS_DUP_HANDLE;