Cygwin: fork/exec: fix child process permissions
- Exec'ed/spawned processes don't need PROCESS_DUP_HANDLE. Remove that permission from the parent handle. - PROCESS_QUERY_LIMITED_INFORMATION doesn't work for Windows 7 if the process is started as a service. Add PROCESS_QUERY_INFORMATION for pre-Windows 8 in that case. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
@@ -811,12 +811,24 @@ child_info::child_info (unsigned in_cb, child_info_types chtype,
|
||||
}
|
||||
sigproc_printf ("subproc_ready %p", subproc_ready);
|
||||
/* Create an inheritable handle to pass to the child process. This will
|
||||
allow the child to duplicate handles from the parent to itself. */
|
||||
allow the child to copy cygheap etc. from the parent to itself. If
|
||||
we're forking, we also need handle duplicate access. */
|
||||
parent = NULL;
|
||||
DWORD perms = PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ;
|
||||
if (type == _CH_FORK)
|
||||
{
|
||||
perms |= PROCESS_DUP_HANDLE;
|
||||
/* For some reason fork on Windows 7 requires PROCESS_QUERY_INFORMATION
|
||||
rather than just PROCESS_QUERY_LIMITED_INFORMATION when started as a
|
||||
service. */
|
||||
if (wincap.needs_query_information ()
|
||||
&& (cygheap->user.saved_sid () == well_known_system_sid
|
||||
|| check_token_membership (hProcToken, well_known_service_sid)))
|
||||
perms |= PROCESS_QUERY_INFORMATION;
|
||||
}
|
||||
|
||||
if (!DuplicateHandle (GetCurrentProcess (), GetCurrentProcess (),
|
||||
GetCurrentProcess (), &parent,
|
||||
PROCESS_DUP_HANDLE | PROCESS_VM_READ
|
||||
| PROCESS_QUERY_LIMITED_INFORMATION, TRUE, 0))
|
||||
GetCurrentProcess (), &parent, perms, TRUE, 0))
|
||||
system_printf ("couldn't create handle to myself for child, %E");
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user