Add inheritable ACE when creating a restricted token for execution on
Win32. Also refactor the code around it to be more clear. Jesse Morris
parent
3b0d57eb39
commit
d509347c39
@ -42,7 +42,7 @@
|
||||
* Portions Copyright (c) 1994, Regents of the University of California
|
||||
* Portions taken from FreeBSD.
|
||||
*
|
||||
* $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.152.2.5 2009/03/31 18:58:38 mha Exp $
|
||||
* $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.152.2.6 2009/11/14 15:39:41 mha Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@ -2344,6 +2344,10 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION * processInfo)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifndef __CYGWIN__
|
||||
AddUserToTokenDacl(restrictedToken);
|
||||
#endif
|
||||
|
||||
if (!CreateProcessAsUser(restrictedToken,
|
||||
NULL,
|
||||
cmd,
|
||||
@ -2361,10 +2365,6 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION * processInfo)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifndef __CYGWIN__
|
||||
AddUserToDacl(processInfo->hProcess);
|
||||
#endif
|
||||
|
||||
return ResumeThread(processInfo->hThread);
|
||||
}
|
||||
#endif
|
||||
|
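Review bot: The BOOL returned by `AddUserToTokenDacl(restrictedToken)` is discarded in CreateRestrictedProcess, so when the default-DACL update fails the function only logs the error internally and the caller still goes on to `CreateProcessAsUser` with an unmodified token. Because the call now runs before the process exists, it can fail cleanly instead, for example `if (!AddUserToTokenDacl(restrictedToken)) return 0;`, in line with the `return 0;` error branches visible around it. If the failure is meant to be non-fatal, a comment saying so would make that explicit. The same unchecked call is added in the pg_ctl.c CreateRestrictedProcess hunk and in spawn_process in pg_regress.c. CreateRestrictedProcess starts above this hunk, so any handle cleanup the early return needs has to be confirmed against the full function.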
@ -4,7 +4,7 @@
|
||||
*
|
||||
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
|
||||
*
|
||||
* $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.92.2.7 2009/09/02 02:41:07 tgl Exp $
|
||||
* $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.92.2.8 2009/11/14 15:39:41 mha Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@ -1396,6 +1396,10 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION * processInfo, bool as_se
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifndef __CYGWIN__
|
||||
AddUserToTokenDacl(restrictedToken);
|
||||
#endif
|
||||
|
||||
r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo);
|
||||
|
||||
Kernel32Handle = LoadLibrary("KERNEL32.DLL");
|
||||
@ -1492,10 +1496,6 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION * processInfo, bool as_se
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef __CYGWIN__
|
||||
AddUserToDacl(processInfo->hProcess);
|
||||
#endif
|
||||
|
||||
CloseHandle(restrictedToken);
|
||||
|
||||
ResumeThread(processInfo->hThread);
|
||||
|
@ -6,7 +6,7 @@
|
||||
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
|
||||
* Portions Copyright (c) 1994, Regents of the University of California
|
||||
*
|
||||
* $PostgreSQL: pgsql/src/include/port.h,v 1.116.2.5 2008/04/18 17:05:53 tgl Exp $
|
||||
* $PostgreSQL: pgsql/src/include/port.h,v 1.116.2.6 2009/11/14 15:39:41 mha Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@ -80,7 +80,7 @@ extern int find_other_exec(const char *argv0, const char *target,
|
||||
|
||||
/* Windows security token manipulation (in exec.c) */
|
||||
#ifdef WIN32
|
||||
extern BOOL AddUserToDacl(HANDLE hProcess);
|
||||
extern BOOL AddUserToTokenDacl(HANDLE hToken);
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -9,7 +9,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/port/exec.c,v 1.57.2.2 2008/03/31 01:32:01 tgl Exp $
|
||||
* $PostgreSQL: pgsql/src/port/exec.c,v 1.57.2.3 2009/11/14 15:39:41 mha Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@ -664,11 +664,10 @@ set_pglocale_pgservice(const char *argv0, const char *app)
|
||||
#ifdef WIN32
|
||||
|
||||
/*
|
||||
* AddUserToDacl(HANDLE hProcess)
|
||||
* AddUserToTokenDacl(HANDLE hToken)
|
||||
*
|
||||
* This function adds the current user account to the default DACL
|
||||
* which gets attached to the restricted token used when we create
|
||||
* a restricted process.
|
||||
* This function adds the current user account to the restricted
|
||||
* token used when we create a restricted process.
|
||||
*
|
||||
* This is required because of some security changes in Windows
|
||||
* that appeared in patches to XP/2K3 and in Vista/2008.
|
||||
@ -681,13 +680,13 @@ set_pglocale_pgservice(const char *argv0, const char *app)
|
||||
* and CreateProcess() calls when running as Administrator.
|
||||
*
|
||||
* This function fixes this problem by modifying the DACL of the
|
||||
* specified process and explicitly re-adding the current user account.
|
||||
* This is still secure because the Administrator account inherits it's
|
||||
* privileges from the Administrators group - it doesn't have any of
|
||||
* it's own.
|
||||
* token the process will use, and explicitly re-adding the current
|
||||
* user account. This is still secure because the Administrator account
|
||||
* inherits its privileges from the Administrators group - it doesn't
|
||||
* have any of its own.
|
||||
*/
|
||||
BOOL
|
||||
AddUserToDacl(HANDLE hProcess)
|
||||
AddUserToTokenDacl(HANDLE hToken)
|
||||
{
|
||||
int i;
|
||||
ACL_SIZE_INFORMATION asi;
|
||||
@ -696,7 +695,6 @@ AddUserToDacl(HANDLE hProcess)
|
||||
DWORD dwSize = 0;
|
||||
DWORD dwTokenInfoLength = 0;
|
||||
DWORD dwResult = 0;
|
||||
HANDLE hToken = NULL;
|
||||
PACL pacl = NULL;
|
||||
PSID psidUser = NULL;
|
||||
TOKEN_DEFAULT_DACL tddNew;
|
||||
@ -704,13 +702,6 @@ AddUserToDacl(HANDLE hProcess)
|
||||
TOKEN_INFORMATION_CLASS tic = TokenDefaultDacl;
|
||||
BOOL ret = FALSE;
|
||||
|
||||
/* Get the token for the process */
|
||||
if (!OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_ADJUST_DEFAULT, &hToken))
|
||||
{
|
||||
log_error("could not open process token: %ui", GetLastError());
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Figure out the buffer size for the DACL info */
|
||||
if (!GetTokenInformation(hToken, tic, (LPVOID) NULL, dwTokenInfoLength, &dwSize))
|
||||
{
|
||||
@ -786,7 +777,7 @@ AddUserToDacl(HANDLE hProcess)
|
||||
}
|
||||
|
||||
/* Add the new ACE for the current user */
|
||||
if (!AddAccessAllowedAce(pacl, ACL_REVISION, GENERIC_ALL, psidUser))
|
||||
if (!AddAccessAllowedAceEx(pacl, ACL_REVISION, OBJECT_INHERIT_ACE, GENERIC_ALL, psidUser))
|
||||
{
|
||||
log_error("could not add access allowed ACE: %ui", GetLastError());
|
||||
goto cleanup;
|
||||
@ -813,9 +804,6 @@ cleanup:
|
||||
if (ptdd)
|
||||
LocalFree((HLOCAL) ptdd);
|
||||
|
||||
if (hToken)
|
||||
CloseHandle(hToken);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
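Review bot: The header comment of AddUserToTokenDacl does not state the new contract on `hToken`: the function no longer opens or closes the token, so the caller keeps ownership, and the handle presumably has to carry the `TOKEN_QUERY | TOKEN_ADJUST_DEFAULT` access that the removed `OpenProcessToken` call used to request. I would add a line such as `* hToken must allow TOKEN_QUERY and TOKEN_ADJUST_DEFAULT; the caller retains ownership and closes it.` A short why-comment on the `AddAccessAllowedAceEx` line would also help, since an inheritable `GENERIC_ALL` ACE is the security-relevant part of this commit and the code does not say which created objects need to inherit it. Separately, the `log_error` context lines use `%ui`, which prints the error code followed by a literal `i`; for a DWORD the usual form is `log_error("could not add access allowed ACE: %lu", (unsigned long) GetLastError());`. The function body is only partly visible across these hunks.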
@ -11,7 +11,7 @@
|
||||
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
|
||||
* Portions Copyright (c) 1994, Regents of the University of California
|
||||
*
|
||||
* $PostgreSQL: pgsql/src/test/regress/pg_regress.c,v 1.41.2.3 2008/08/03 05:12:45 tgl Exp $
|
||||
* $PostgreSQL: pgsql/src/test/regress/pg_regress.c,v 1.41.2.4 2009/11/14 15:39:41 mha Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@ -1009,6 +1009,10 @@ spawn_process(const char *cmdline)
|
||||
cmdline2 = malloc(strlen(cmdline) + 8);
|
||||
sprintf(cmdline2, "cmd /c %s", cmdline);
|
||||
|
||||
#ifndef __CYGWIN__
|
||||
AddUserToTokenDacl(restrictedToken);
|
||||
#endif
|
||||
|
||||
if (!CreateProcessAsUser(restrictedToken,
|
||||
NULL,
|
||||
cmdline2,
|
||||
@ -1026,10 +1030,6 @@ spawn_process(const char *cmdline)
|
||||
exit_nicely(2);
|
||||
}
|
||||
|
||||
#ifndef __CYGWIN__
|
||||
AddUserToDacl(pi.hProcess);
|
||||
#endif
|
||||
|
||||
free(cmdline2);
|
||||
|
||||
ResumeThread(pi.hThread);
|
||||
|
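Review bot: `cmdline2 = malloc(strlen(cmdline) + 8)` in spawn_process is passed to the following `sprintf` without a NULL check, so an allocation failure becomes a null-pointer write just before the restricted process is created. A guard right after the allocation, reporting the error and then `if (cmdline2 == NULL) exit_nicely(2);`, would match the `exit_nicely(2)` error path visible in the next hunk. The size itself is correct for the `"cmd /c "` prefix plus the terminator. spawn_process starts and ends outside these hunks.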