NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitda8d684

committed

Add inheritable ACE when creating a restricted token for execution on

Win32.Also refactor the code around it to be more clear.Jesse Morris

1 parentef679ff commitda8d684Copy full SHA for da8d684

File tree

5 files changed

+27

-38

lines changed

src
- bin
  - initdb
    - initdb.c
  - pg_ctl
    - pg_ctl.c
- include
  - port.h
- port
  - exec.c
- test/regress
  - pg_regress.c

5 files changed

+27

-38

lines changed

`‎src/bin/initdb/initdb.c`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@`
`42`	`42`	`* Portions Copyright (c) 1994, Regents of the University of California`
`43`	`43`	`* Portions taken from FreeBSD.`
`44`	`44`	`*`
`45`		`- * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.176 2009/11/12 02:46:16 tgl Exp $`
	`45`	`+ * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.177 2009/11/14 15:39:36 mha Exp $`
`46`	`46`	`*`
`47`	`47`	`*-------------------------------------------------------------------------`
`48`	`48`	`*/`
`@@ -2354,6 +2354,10 @@ CreateRestrictedProcess(char cmd, PROCESS_INFORMATION processInfo)`
`2354`	`2354`	`return0;`
`2355`	`2355`	`}`
`2356`	`2356`
	`2357`	`+#ifndef__CYGWIN__`
	`2358`	`+AddUserToTokenDacl(restrictedToken);`
	`2359`	`+#endif`
	`2360`	`+`
`2357`	`2361`	`if (!CreateProcessAsUser(restrictedToken,`
`2358`	`2362`	`NULL,`
`2359`	`2363`	`cmd,`
`@@ -2371,10 +2375,6 @@ CreateRestrictedProcess(char cmd, PROCESS_INFORMATION processInfo)`
`2371`	`2375`	`return0;`
`2372`	`2376`	`}`
`2373`	`2377`
`2374`		`-#ifndef__CYGWIN__`
`2375`		`-AddUserToDacl(processInfo->hProcess);`
`2376`		`-#endif`
`2377`		`-`
`2378`	`2378`	`returnResumeThread(processInfo->hThread);`
`2379`	`2379`	`}`
`2380`	`2380`	`#endif`

`‎src/bin/pg_ctl/pg_ctl.c`

Lines changed: 5 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@`
`4`	`4`	`*`
`5`	`5`	`* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group`
`6`	`6`	`*`
`7`		`- * $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.114 2009/09/07 11:22:12 mha Exp $`
	`7`	`+ * $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.115 2009/11/14 15:39:36 mha Exp $`
`8`	`8`	`*`
`9`	`9`	`*-------------------------------------------------------------------------`
`10`	`10`	`*/`
`@@ -1405,6 +1405,10 @@ CreateRestrictedProcess(char cmd, PROCESS_INFORMATION processInfo, bool as_ser`
`1405`	`1405`	`return0;`
`1406`	`1406`	`}`
`1407`	`1407`
	`1408`	`+#ifndef__CYGWIN__`
	`1409`	`+AddUserToTokenDacl(restrictedToken);`
	`1410`	`+#endif`
	`1411`	`+`
`1408`	`1412`	`r=CreateProcessAsUser(restrictedToken,NULL,cmd,NULL,NULL, TRUE,CREATE_SUSPENDED,NULL,NULL,&si,processInfo);`
`1409`	`1413`
`1410`	`1414`	`Kernel32Handle=LoadLibrary("KERNEL32.DLL");`
`@@ -1503,9 +1507,6 @@ CreateRestrictedProcess(char cmd, PROCESS_INFORMATION processInfo, bool as_ser`
`1503`	`1507`	`}`
`1504`	`1508`	`}`
`1505`	`1509`
`1506`		`-#ifndef__CYGWIN__`
`1507`		`-AddUserToDacl(processInfo->hProcess);`
`1508`		`-#endif`
`1509`	`1510`
`1510`	`1511`	`CloseHandle(restrictedToken);`
`1511`	`1512`

`‎src/include/port.h`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group`
`7`	`7`	`* Portions Copyright (c) 1994, Regents of the University of California`
`8`	`8`	`*`
`9`		`- * $PostgreSQL: pgsql/src/include/port.h,v 1.126 2009/07/16 17:43:52 tgl Exp $`
	`9`	`+ * $PostgreSQL: pgsql/src/include/port.h,v 1.127 2009/11/14 15:39:36 mha Exp $`
`10`	`10`	`*`
`11`	`11`	`*-------------------------------------------------------------------------`
`12`	`12`	`*/`
`@@ -81,7 +81,7 @@ extern int find_other_exec(const char argv0, const char target,`
`81`	`81`
`82`	`82`	`/* Windows security token manipulation (in exec.c) */`
`83`	`83`	`#ifdefWIN32`
`84`		`-externBOOLAddUserToDacl(HANDLEhProcess);`
	`84`	`+externBOOLAddUserToTokenDacl(HANDLEhToken);`
`85`	`85`	`#endif`
`86`	`86`
`87`	`87`

`‎src/port/exec.c`

Lines changed: 10 additions & 22 deletions

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`	`*`
`10`	`10`	`*`
`11`	`11`	`* IDENTIFICATION`
`12`		`- * $PostgreSQL: pgsql/src/port/exec.c,v 1.64 2009/07/27 08:46:10 mha Exp $`
	`12`	`+ * $PostgreSQL: pgsql/src/port/exec.c,v 1.65 2009/11/14 15:39:36 mha Exp $`
`13`	`13`	`*`
`14`	`14`	`*-------------------------------------------------------------------------`
`15`	`15`	`*/`
`@@ -664,11 +664,10 @@ set_pglocale_pgservice(const char argv0, const char app)`
`664`	`664`	`#ifdefWIN32`
`665`	`665`
`666`	`666`	`/*`
`667`		`- *AddUserToDacl(HANDLEhProcess)`
	`667`	`+ *AddUserToTokenDacl(HANDLEhToken)`
`668`	`668`	`*`
`669`		`- * This function adds the current user account to the default DACL`
`670`		`- * which gets attached to the restricted token used when we create`
`671`		`- * a restricted process.`
	`669`	`+ * This function adds the current user account to the restricted`
	`670`	`+ * token used when we create a restricted process.`
`672`	`671`	`*`
`673`	`672`	`* This is required because of some security changes in Windows`
`674`	`673`	`* that appeared in patches to XP/2K3 and in Vista/2008.`
`@@ -681,35 +680,27 @@ set_pglocale_pgservice(const char argv0, const char app)`
`681`	`680`	`* and CreateProcess() calls when running as Administrator.`
`682`	`681`	`*`
`683`	`682`	`* This function fixes this problem by modifying the DACL of the`
`684`		`- *specifiedprocess and explicitly re-adding the current user account.`
`685`		`- * This is still secure because the Administrator account inherits it's`
`686`		`- * privileges from the Administrators group - it doesn't have any of`
`687`		`- *it's own.`
	`683`	`+ *token theprocesswill use,and explicitly re-adding the current`
	`684`	`+ *user account.This is still secure because the Administrator account`
	`685`	`+ *inherits itsprivileges from the Administrators group - it doesn't`
	`686`	`+ *have any of its own.`
`688`	`687`	`*/`
`689`	`688`	`BOOL`
`690`		`-AddUserToDacl(HANDLEhProcess)`
	`689`	`+AddUserToTokenDacl(HANDLEhToken)`
`691`	`690`	`{`
`692`	`691`	`inti;`
`693`	`692`	`ACL_SIZE_INFORMATIONasi;`
`694`	`693`	`ACCESS_ALLOWED_ACE*pace;`
`695`	`694`	`DWORDdwNewAclSize;`
`696`	`695`	`DWORDdwSize=0;`
`697`	`696`	`DWORDdwTokenInfoLength=0;`
`698`		`-HANDLEhToken=NULL;`
`699`	`697`	`PACLpacl=NULL;`
`700`	`698`	`PTOKEN_USERpTokenUser=NULL;`
`701`	`699`	`TOKEN_DEFAULT_DACLtddNew;`
`702`	`700`	`TOKEN_DEFAULT_DACL*ptdd=NULL;`
`703`	`701`	`TOKEN_INFORMATION_CLASStic=TokenDefaultDacl;`
`704`	`702`	`BOOLret= FALSE;`
`705`	`703`
`706`		`-/* Get the token for the process */`
`707`		`-if (!OpenProcessToken(hProcess,TOKEN_QUERY \|TOKEN_ADJUST_DEFAULT,&hToken))`
`708`		`-{`
`709`		`-log_error("could not open process token: %lu",GetLastError());`
`710`		`-gotocleanup;`
`711`		`-}`
`712`		`-`
`713`	`704`	`/* Figure out the buffer size for the DACL info */`
`714`	`705`	`if (!GetTokenInformation(hToken,tic, (LPVOID)NULL,dwTokenInfoLength,&dwSize))`
`715`	`706`	`{`
`@@ -789,7 +780,7 @@ AddUserToDacl(HANDLE hProcess)`
`789`	`780`	`}`
`790`	`781`
`791`	`782`	`/* Add the new ACE for the current user */`
`792`		`-if (!AddAccessAllowedAce(pacl,ACL_REVISION,GENERIC_ALL,pTokenUser->User.Sid))`
	`783`	`+if (!AddAccessAllowedAceEx(pacl,ACL_REVISION,OBJECT_INHERIT_ACE,GENERIC_ALL,pTokenUser->User.Sid))`
`793`	`784`	`{`
`794`	`785`	`log_error("could not add access allowed ACE: %lu",GetLastError());`
`795`	`786`	`gotocleanup;`
`@@ -816,9 +807,6 @@ AddUserToDacl(HANDLE hProcess)`
`816`	`807`	`if (ptdd)`
`817`	`808`	`LocalFree((HLOCAL)ptdd);`
`818`	`809`
`819`		`-if (hToken)`
`820`		`-CloseHandle(hToken);`
`821`		`-`
`822`	`810`	`returnret;`
`823`	`811`	`}`
`824`	`812`

`‎src/test/regress/pg_regress.c`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@`
`11`	`11`	`* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group`
`12`	`12`	`* Portions Copyright (c) 1994, Regents of the University of California`
`13`	`13`	`*`
`14`		`- * $PostgreSQL: pgsql/src/test/regress/pg_regress.c,v 1.64 2009/08/18 10:30:41 teodor Exp $`
	`14`	`+ * $PostgreSQL: pgsql/src/test/regress/pg_regress.c,v 1.65 2009/11/14 15:39:36 mha Exp $`
`15`	`15`	`*`
`16`	`16`	`*-------------------------------------------------------------------------`
`17`	`17`	`*/`
`@@ -1021,6 +1021,10 @@ spawn_process(const char *cmdline)`
`1021`	`1021`	`cmdline2=malloc(strlen(cmdline)+8);`
`1022`	`1022`	`sprintf(cmdline2,"cmd /c %s",cmdline);`
`1023`	`1023`
	`1024`	`+#ifndef__CYGWIN__`
	`1025`	`+AddUserToTokenDacl(restrictedToken);`
	`1026`	`+#endif`
	`1027`	`+`
`1024`	`1028`	`if (!CreateProcessAsUser(restrictedToken,`
`1025`	`1029`	`NULL,`
`1026`	`1030`	`cmdline2,`
`@@ -1038,10 +1042,6 @@ spawn_process(const char *cmdline)`
`1038`	`1042`	`exit_nicely(2);`
`1039`	`1043`	`}`
`1040`	`1044`
`1041`		`-#ifndef__CYGWIN__`
`1042`		`-AddUserToDacl(pi.hProcess);`
`1043`		`-#endif`
`1044`		`-`
`1045`	`1045`	`free(cmdline2);`
`1046`	`1046`
`1047`	`1047`	`ResumeThread(pi.hThread);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitda8d684

File tree

5 files changed

5 files changed

`‎src/bin/initdb/initdb.c`

`‎src/bin/pg_ctl/pg_ctl.c`

`‎src/include/port.h`

`‎src/port/exec.c`

`‎src/test/regress/pg_regress.c`

0 commit comments