Cygwin: execve: reduce parent handle to non-inheritable SYNCHRONIZE
Keeping an inheritable handle open results in that handle being spilled over into grandchild processes, which is not desired. Duplicate original parent handle into a non-inheritable one with minimal SYNCHRONIZE permissions and close the original handle. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
parent
5a0f2c00aa
commit
4d738e0f62
|
@ -685,15 +685,31 @@ child_info_spawn::handle_spawn ()
|
|||
|
||||
ready (true);
|
||||
|
||||
/* Keep pointer to parent open if we've execed so that pid will not be reused.
|
||||
Otherwise, we no longer need this handle so close it.
|
||||
Need to do this after debug_fixup_after_fork_exec or DEBUGGING handling of
|
||||
handles might get confused. */
|
||||
if (type != _CH_EXEC && child_proc_info->parent)
|
||||
if (child_proc_info->parent)
|
||||
{
|
||||
if (type == _CH_EXEC)
|
||||
{
|
||||
/* Keep pointer to parent open if we've execed so that pid will not be
|
||||
reused. Try to Urther reduce permissions. */
|
||||
HANDLE new_parent;
|
||||
|
||||
if (DuplicateHandle (GetCurrentProcess (), child_proc_info->parent,
|
||||
GetCurrentProcess (), &new_parent,
|
||||
SYNCHRONIZE, FALSE, 0))
|
||||
{
|
||||
CloseHandle (child_proc_info->parent);
|
||||
child_proc_info->parent = new_parent;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Otherwise, we no longer need this handle so close it. Need to do
|
||||
this after debug_fixup_after_fork_exec or DEBUGGING handling of
|
||||
handles might get confused. */
|
||||
CloseHandle (child_proc_info->parent);
|
||||
child_proc_info->parent = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
signal_fixup_after_exec ();
|
||||
fixup_lockf_after_exec (type == _CH_EXEC);
|
||||
|
|
|
@ -814,7 +814,8 @@ child_info::child_info (unsigned in_cb, child_info_types chtype,
|
|||
allow the child to copy cygheap etc. from the parent to itself. If
|
||||
we're forking, we also need handle duplicate access. */
|
||||
parent = NULL;
|
||||
DWORD perms = PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ;
|
||||
DWORD perms = PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ
|
||||
| SYNCHRONIZE;
|
||||
if (type == _CH_FORK)
|
||||
{
|
||||
perms |= PROCESS_DUP_HANDLE;
|
||||
|
|
Loading…
Reference in New Issue