Cygwin: fork: fix child process permissions, take 2

VirtualQueryEx, called by fixup_mmaps_after_fork, requires PROCESS_QUERY_INFORMATION permissions per MSDN. However, testing shows that PROCESS_QUERY_LIMITED_INFORMATION is sufficient when running the same code on Windows 8.1 or Windows 10. Fix the code to give the forked child always PROCESS_QUERY_INFORMATION perms on Windows Vista/7 and respective server releases. Revert now unneeded patch to check_token_membership as well. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-30 12:18:03 +01:00
parent a52396bd07
commit ef8ce3077f
3 changed files with 8 additions and 17 deletions
--- a/winsup/cygwin/sigproc.cc
+++ b/winsup/cygwin/sigproc.cc
@@ -819,12 +819,10 @@ child_info::child_info (unsigned in_cb, child_info_types chtype,
  if (type == _CH_FORK)
    {
      perms |= PROCESS_DUP_HANDLE;
-      /* For some reason fork on Windows 7 requires PROCESS_QUERY_INFORMATION
-	 rather than just PROCESS_QUERY_LIMITED_INFORMATION when started as a
-	 service. */
-      if (wincap.needs_query_information ()
-	  && (cygheap->user.saved_sid () == well_known_system_sid
-	      || check_token_membership (hProcToken, well_known_service_sid)))
+      /* VirtualQueryEx is documented to require PROCESS_QUERY_INFORMATION.
+	 That's true for Windows 7, but PROCESS_QUERY_LIMITED_INFORMATION
+	 appears to be sufficient on Windows 8 and later. */
+      if (wincap.needs_query_information ())
 	perms |= PROCESS_QUERY_INFORMATION;
    }