JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

No longer support "Interact with desktop"

Browse Source 
Always create child user window station and desktop, unless only
spawning with restricted token.  Also fix formatting of a few comments
in child_info_spawn::worker.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2016-06-25 00:42:36 +02:00
parent cd93c771ef
commit da5b48ef3c
1 changed files with 20 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
winsup/cygwin/spawn.cc
View File

@ -602,31 +602,22 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv,
if (mode == _P_OVERLAY) if (mode == _P_OVERLAY)
myself.set_acl(); myself.set_acl();
WCHAR wstname[1024] = { L'\0' }; HWINSTA hwst = NULL;
HWINSTA hwst_orig = NULL, hwst = NULL; HWINSTA hwst_orig = GetProcessWindowStation ();
HDESK hdsk_orig = NULL, hdsk = NULL; HDESK hdsk = NULL;
PSECURITY_ATTRIBUTES sa; HDESK hdsk_orig = GetThreadDesktop (GetCurrentThreadId ());
DWORD n; /* Don't create WindowStation and Desktop for restricted child. */
if (!::cygheap->user.setuid_to_restricted)
hwst_orig = GetProcessWindowStation ();
hdsk_orig = GetThreadDesktop (GetCurrentThreadId ());
GetUserObjectInformationW (hwst_orig, UOI_NAME, wstname, 1024, &n);
/* Prior to Vista it was possible to start a service with the
"Interact with desktop" flag. This started the service in the
interactive window station of the console. A big security
risk, but we don't want to disable this behaviour for older
OSes because it's still heavily used by some users. They have
been warned. */
if (!::cygheap->user.setuid_to_restricted
&& wcscasecmp (wstname, L"WinSta0") != 0)
{ {
PSECURITY_ATTRIBUTES sa;
WCHAR sid[128]; WCHAR sid[128];
WCHAR wstname[1024] = { L'\0' };
sa = sec_user ((PSECURITY_ATTRIBUTES) alloca (1024), sa = sec_user ((PSECURITY_ATTRIBUTES) alloca (1024),
::cygheap->user.sid ()); ::cygheap->user.sid ());
/* We're creating a window station per user, not per logon session. /* We're creating a window station per user, not per logon
First of all we might not have a valid logon session for session First of all we might not have a valid logon session
the user (logon by create_token), and second, it doesn't for the user (logon by create_token), and second, it doesn't
make sense in terms of security to create a new window make sense in terms of security to create a new window
station for every logon of the same user. It just fills up station for every logon of the same user. It just fills up
the system with window stations for no good reason. */ the system with window stations for no good reason. */
@ -688,10 +679,11 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv,
myself->exec_sendsig = NULL; myself->exec_sendsig = NULL;
} }
myself->process_state &= ~PID_NOTCYGWIN; myself->process_state &= ~PID_NOTCYGWIN;
/* Reset handle inheritance to default when the execution of a non-Cygwin /* Reset handle inheritance to default when the execution of a'
process fails. Only need to do this for _P_OVERLAY since the handle will non-Cygwin process fails. Only need to do this for _P_OVERLAY
be closed otherwise. Don't need to do this for 'parent' since it will since the handle will be closed otherwise. Don't need to do
be closed in every case. See FIXME above. */ this for 'parent' since it will be closed in every case.
See FIXME above. */
if (!iscygwin () && mode == _P_OVERLAY) if (!iscygwin () && mode == _P_OVERLAY)
SetHandleInformation (wr_proc_pipe, HANDLE_FLAG_INHERIT, SetHandleInformation (wr_proc_pipe, HANDLE_FLAG_INHERIT,
HANDLE_FLAG_INHERIT); HANDLE_FLAG_INHERIT);
@ -721,7 +713,7 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv,
else else
cygpid = myself->pid; cygpid = myself->pid;
/* We print the original program name here so the user can see that too. */ /* Print the original program name here so the user can see that too. */
syscall_printf ("pid %d, prog_arg %s, cmd line %.9500s)", syscall_printf ("pid %d, prog_arg %s, cmd line %.9500s)",
rc ? cygpid : (unsigned int) -1, prog_arg, (const char *) cmd); rc ? cygpid : (unsigned int) -1, prog_arg, (const char *) cmd);
@ -758,8 +750,8 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv,
real_path.get_wide_win32_path (child->progname); real_path.get_wide_win32_path (child->progname);
/* FIXME: This introduces an unreferenced, open handle into the child. /* FIXME: This introduces an unreferenced, open handle into the child.
The purpose is to keep the pid shared memory open so that all of The purpose is to keep the pid shared memory open so that all of
the fields filled out by child.remember do not disappear and so there the fields filled out by child.remember do not disappear and so
is not a brief period during which the pid is not available. there is not a brief period during which the pid is not available.
However, we should try to find another way to do this eventually. */ However, we should try to find another way to do this eventually. */
DuplicateHandle (GetCurrentProcess (), child.shared_handle (), DuplicateHandle (GetCurrentProcess (), child.shared_handle (),
pi.hProcess, NULL, 0, 0, DUPLICATE_SAME_ACCESS); pi.hProcess, NULL, 0, 0, DUPLICATE_SAME_ACCESS);