diff options
Diffstat (limited to 'winsup/cygwin/cygserver.cc')
-rwxr-xr-x | winsup/cygwin/cygserver.cc | 87 |
1 files changed, 51 insertions, 36 deletions
diff --git a/winsup/cygwin/cygserver.cc b/winsup/cygwin/cygserver.cc index e76d24589dd..a1fa756e9be 100755 --- a/winsup/cygwin/cygserver.cc +++ b/winsup/cygwin/cygserver.cc @@ -166,49 +166,57 @@ check_and_dup_handle (HANDLE from_process, HANDLE to_process, { HANDLE local_handle = NULL; int ret_val = EACCES; - char sd_buf [1024]; - PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) &sd_buf; - DWORD bytes_needed; - PRIVILEGE_SET ps; - DWORD ps_len = sizeof (ps); - BOOL status; if (from_process != GetCurrentProcess ()) { + if (!DuplicateHandle (from_process, from_handle, + GetCurrentProcess (), &local_handle, + 0, bInheritHandle, + DUPLICATE_SAME_ACCESS)) + { + system_printf ("error getting handle(%u) to server (%lu)", + (unsigned int)from_handle, GetLastError ()); + goto out; + } + } else + local_handle = from_handle; - if (!DuplicateHandle (from_process, from_handle, - GetCurrentProcess (), &local_handle, - 0, bInheritHandle, - DUPLICATE_SAME_ACCESS)) - { - system_printf ("error getting handle(%u) to server (%lu)", - (unsigned int)from_handle, GetLastError ()); - goto out; - } -} else - local_handle = from_handle; - - if (!GetKernelObjectSecurity (local_handle, - OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, - sd, sizeof (sd_buf), &bytes_needed)) + if (!wincap.has_security ()) + assert (!from_process_token); + else { - system_printf ("error getting handle SD (%lu)", GetLastError ()); - goto out; - } + char sd_buf [1024]; + PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) &sd_buf; + DWORD bytes_needed; + PRIVILEGE_SET ps; + DWORD ps_len = sizeof (ps); + BOOL status; + + if (!GetKernelObjectSecurity (local_handle, + (OWNER_SECURITY_INFORMATION + | GROUP_SECURITY_INFORMATION + | DACL_SECURITY_INFORMATION), + sd, sizeof (sd_buf), &bytes_needed)) + { + system_printf ("error getting handle SD (%lu)", GetLastError ()); + goto out; + } - MapGenericMask (&access, &access_mapping); + MapGenericMask (&access, &access_mapping); - if (!AccessCheck (sd, from_process_token, access, &access_mapping, - &ps, &ps_len, &access, &status)) - { - system_printf ("error checking access rights (%lu)", GetLastError ()); - goto out; - } + if (!AccessCheck (sd, from_process_token, access, &access_mapping, + &ps, &ps_len, &access, &status)) + { + system_printf ("error checking access rights (%lu)", + GetLastError ()); + goto out; + } - if (!status) - { - system_printf ("access to object denied"); - goto out; + if (!status) + { + system_printf ("access to object denied"); + goto out; + } } if (!DuplicateHandle (from_process, from_handle, @@ -222,7 +230,7 @@ check_and_dup_handle (HANDLE from_process, HANDLE to_process, ret_val = 0; -out: + out: if (local_handle && from_process != GetCurrentProcess ()) CloseHandle (local_handle); @@ -246,6 +254,13 @@ client_request_attach_tty::serve(transport_layer_base *conn, class process_cache HANDLE token_handle = NULL; DWORD rc; + if (!wincap.has_security ()) + { + debug_printf ("this should not be called in a system without security"); + header.error_code = EINVAL; + return; + } + if (header.cb != sizeof (req)) { header.error_code = EINVAL; |