{Patch]: Giving access to pinfo after seteuid and exec

Pierre A. Humblet pierre@phumblet.no-ip.org
Fri Sep 26 13:41:00 GMT 2003


Corinna Vinschen wrote:
> 
> On Thu, Sep 25, 2003 at 09:47:48PM -0400, Pierre A. Humblet wrote:
> > This patch sets the _pinfo acl in order to allow access after
> > seteuid and exec.
> >
> > While looking at spawn.cc I also noticed oddities in pinfo related
> > error handling, and reworked them. I also restored impersonation in
> > case of CreateProcessAsUser failure.
> 
> Looks ok except for:
> 
> > @@ -42,9 +43,9 @@ pinfo_fixup_after_fork ()
> >  {
> >    if (hexec_proc)
> >      CloseHandle (hexec_proc);
> > -
> > +  /* Keeps the cygpid from being reused. No rights required */
> >    if (!DuplicateHandle (hMainProc, hMainProc, hMainProc, &hexec_proc, 0,
> > -                     TRUE, DUPLICATE_SAME_ACCESS))
> > +                     TRUE, 0))
> >      {
> >        system_printf ("couldn't save current process handle %p, %E", hMainProc);
> >        hexec_proc = NULL;
> 
> Somehow I'm missing a description why that's necessary and the
> implications.
> 
I am getting paranoid. Most often we duplicate DUPLICATE_SAME_ACCESS
without thinking about what access is really needed. It would be a good
discipline to ask ourselves what is needed and give just that. Here nothing
is needed at all. 
Also, if you use sysinternals you can see the access mask. Setting it
properly creates differentiating features that help distinguish between
all the handles.


Pierre



More information about the Cygwin-patches mailing list