Partially revert change from 2005-04-03, always running under an

impersonation token, which collides with Vista UAC.
	* cygheap.h (deimpersonate): revert to self instead of impersonating
	hProcImpToken.
	(reimpersonate): Only impersonate if setuid.
	* dcrt0.cc (dll_crt0_0): Don't initialize hProcImpToken here.
	(dll_crt0_1): Set privileges on hProcToken.
	* fork.cc (frok::child): Set privileges on hProcToken.  Close handle to
	hProcImpToken.
	* grp.cc (internal_getgroups): Use hProcToken instead of hProcImpToken.
	* security.cc (check_access): Create hProcImpToken on demand here.
	* security.h (set_process_privilege): Set privileges on hProcToken.
	(_push_thread_privilege): Use hProcToken instead of hProcImpToken.
	(pop_thread_privilege): If not setuid'ed, revert to self.
	* syscalls.cc (setegid32): Drop setting primary group on hProcImpToken.
	Close handle to hProcImpToken.
	* uinfo.cc (internal_getlogin): Ditto.
	* winsup.h (clear_procimptoken): New inline function.
This commit is contained in:
Corinna Vinschen
2006-12-12 16:27:32 +00:00
parent 815122d842
commit 5684cfebba
10 changed files with 58 additions and 28 deletions

View File

@@ -117,7 +117,8 @@ frok::child (void *)
if (wincap.has_security ())
{
set_cygwin_privileges (hProcImpToken);
set_cygwin_privileges (hProcToken);
clear_procimptoken ();
cygheap->user.reimpersonate ();
}