Partially revert change from 2005-04-03, always running under an
impersonation token, which collides with Vista UAC. * cygheap.h (deimpersonate): revert to self instead of impersonating hProcImpToken. (reimpersonate): Only impersonate if setuid. * dcrt0.cc (dll_crt0_0): Don't initialize hProcImpToken here. (dll_crt0_1): Set privileges on hProcToken. * fork.cc (frok::child): Set privileges on hProcToken. Close handle to hProcImpToken. * grp.cc (internal_getgroups): Use hProcToken instead of hProcImpToken. * security.cc (check_access): Create hProcImpToken on demand here. * security.h (set_process_privilege): Set privileges on hProcToken. (_push_thread_privilege): Use hProcToken instead of hProcImpToken. (pop_thread_privilege): If not setuid'ed, revert to self. * syscalls.cc (setegid32): Drop setting primary group on hProcImpToken. Close handle to hProcImpToken. * uinfo.cc (internal_getlogin): Ditto. * winsup.h (clear_procimptoken): New inline function.
This commit is contained in:
@@ -396,14 +396,14 @@ bool get_logon_server (const char * domain, char * server, WCHAR *wserver,
|
||||
int set_privilege (HANDLE token, enum cygpriv_idx privilege, bool enable);
|
||||
void set_cygwin_privileges (HANDLE token);
|
||||
|
||||
#define set_process_privilege(p,v) set_privilege (hProcImpToken, (p), (v))
|
||||
#define set_process_privilege(p,v) set_privilege (hProcToken, (p), (v))
|
||||
|
||||
#define _push_thread_privilege(_priv, _val, _check) { \
|
||||
HANDLE _token = NULL, _dup_token = NULL; \
|
||||
if (wincap.has_security ()) \
|
||||
{ \
|
||||
_token = (cygheap->user.issetuid () && (_check)) \
|
||||
? cygheap->user.token () : hProcImpToken; \
|
||||
? cygheap->user.token () : hProcToken; \
|
||||
if (!DuplicateTokenEx (_token, MAXIMUM_ALLOWED, NULL, \
|
||||
SecurityImpersonation, TokenImpersonation, \
|
||||
&_dup_token)) \
|
||||
@@ -419,7 +419,10 @@ void set_cygwin_privileges (HANDLE token);
|
||||
#define pop_thread_privilege() \
|
||||
if (_dup_token) \
|
||||
{ \
|
||||
ImpersonateLoggedOnUser (_token); \
|
||||
if (_token == hProcToken) \
|
||||
RevertToSelf (); \
|
||||
else \
|
||||
ImpersonateLoggedOnUser (_token); \
|
||||
CloseHandle (_dup_token); \
|
||||
} \
|
||||
}
|
||||
|
Reference in New Issue
Block a user