Security patches
Pierre A. Humblet
Pierre.Humblet@ieee.org
Sun May 5 08:44:00 GMT 2002
At 09:54 AM 4/12/2002 +0200, Corinna Vinschen wrote:
>I hope you don't mind that I'm asking you to send the patch again
>to cygwin-patches, relative to the current CVS.
Getting back to security. I will resend the patches in independent,
self contained, installments as I recreate and retest.
These 3 are very minor.
Pierre
2002-05-05 Pierre Humblet <pierre.humblet@ieee.org>
* spawn.cc (spawn_guts): Move call to set_process_privilege()
to load_registry_hive().
* registry.cc (load_registry_hive): ditto.
* fork.cc (fork_parent): Call sec_user_nih() only once.
-------------- next part --------------
--- spawn.cc.orig Sun May 5 10:49:34 2002
+++ spawn.cc Sun May 5 11:04:14 2002
@@ -665,13 +665,6 @@
&& cygheap->user.token != INVALID_HANDLE_VALUE)
RevertToSelf ();
- static BOOL first_time = TRUE;
- if (first_time)
- {
- set_process_privilege (SE_RESTORE_NAME);
- first_time = FALSE;
- }
-
/* Load users registry hive. */
load_registry_hive (sid);
-------------- next part --------------
--- registry.cc.orig Sun May 5 11:00:52 2002
+++ registry.cc Sun May 5 11:02:16 2002
@@ -235,12 +235,13 @@
/* Check if user hive is already loaded. */
cygsid csid (psid);
csid.string (sid);
- if (!RegOpenKeyExA (HKEY_USERS, csid.string (sid), 0, KEY_READ, &hkey))
+ if (!RegOpenKeyExA (HKEY_USERS, sid, 0, KEY_READ, &hkey))
{
debug_printf ("User registry hive for %s already exists", sid);
RegCloseKey (hkey);
return;
}
+ set_process_privilege (SE_RESTORE_NAME);
if (get_registry_hive_path (psid, path))
{
strcat (path, "\\NTUSER.DAT");
-------------- next part --------------
--- fork.cc.orig Sun May 5 10:49:30 2002
+++ fork.cc Sun May 5 11:03:10 2002
@@ -466,6 +466,7 @@
#endif
char sa_buf[1024];
+ PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf);
syscall_printf ("CreateProcess (%s, %s, 0, 0, 1, %x, 0, 0, %p, %p)",
myself->progname, myself->progname, c_flags, &si, &pi);
__malloc_lock (_reent_clib ());
@@ -473,8 +474,8 @@
newheap = cygheap_setup_for_child (&ch,cygheap->fdtab.need_fixup_before ());
rc = CreateProcess (myself->progname, /* image to run */
myself->progname, /* what we send in arg0 */
- sec_user_nih (sa_buf),
- sec_user_nih (sa_buf),
+ sec_attribs,
+ sec_attribs,
TRUE, /* inherit handles from parent */
c_flags,
NULL, /* environment filled in later */
More information about the Cygwin-patches
mailing list