Skip to content

Commit da8d684

Browse files
mhagandermhagander
committed
Add inheritable ACE when creating a restricted token for execution on
Win32. Also refactor the code around it to be more clear. Jesse Morris
1 parent ef679ff commit da8d684

File tree

5 files changed

+27
-38
lines changed

5 files changed

+27
-38
lines changed

src/bin/initdb/initdb.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@
4242
* Portions Copyright (c) 1994, Regents of the University of California
4343
* Portions taken from FreeBSD.
4444
*
45-
* $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.176 2009/11/12 02:46:16 tgl Exp $
45+
* $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.177 2009/11/14 15:39:36 mha Exp $
4646
*
4747
*-------------------------------------------------------------------------
4848
*/
@@ -2354,6 +2354,10 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo)
23542354
return 0;
23552355
}
23562356

2357+
#ifndef __CYGWIN__
2358+
AddUserToTokenDacl(restrictedToken);
2359+
#endif
2360+
23572361
if (!CreateProcessAsUser(restrictedToken,
23582362
NULL,
23592363
cmd,
@@ -2371,10 +2375,6 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo)
23712375
return 0;
23722376
}
23732377

2374-
#ifndef __CYGWIN__
2375-
AddUserToDacl(processInfo->hProcess);
2376-
#endif
2377-
23782378
return ResumeThread(processInfo->hThread);
23792379
}
23802380
#endif

src/bin/pg_ctl/pg_ctl.c

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
*
55
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
66
*
7-
* $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.114 2009/09/07 11:22:12 mha Exp $
7+
* $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.115 2009/11/14 15:39:36 mha Exp $
88
*
99
*-------------------------------------------------------------------------
1010
*/
@@ -1405,6 +1405,10 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_ser
14051405
return 0;
14061406
}
14071407

1408+
#ifndef __CYGWIN__
1409+
AddUserToTokenDacl(restrictedToken);
1410+
#endif
1411+
14081412
r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo);
14091413

14101414
Kernel32Handle = LoadLibrary("KERNEL32.DLL");
@@ -1503,9 +1507,6 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_ser
15031507
}
15041508
}
15051509

1506-
#ifndef __CYGWIN__
1507-
AddUserToDacl(processInfo->hProcess);
1508-
#endif
15091510

15101511
CloseHandle(restrictedToken);
15111512

src/include/port.h

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
77
* Portions Copyright (c) 1994, Regents of the University of California
88
*
9-
* $PostgreSQL: pgsql/src/include/port.h,v 1.126 2009/07/16 17:43:52 tgl Exp $
9+
* $PostgreSQL: pgsql/src/include/port.h,v 1.127 2009/11/14 15:39:36 mha Exp $
1010
*
1111
*-------------------------------------------------------------------------
1212
*/
@@ -81,7 +81,7 @@ extern int find_other_exec(const char *argv0, const char *target,
8181

8282
/* Windows security token manipulation (in exec.c) */
8383
#ifdef WIN32
84-
extern BOOL AddUserToDacl(HANDLE hProcess);
84+
extern BOOL AddUserToTokenDacl(HANDLE hToken);
8585
#endif
8686

8787

src/port/exec.c

Lines changed: 10 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
*
1010
*
1111
* IDENTIFICATION
12-
* $PostgreSQL: pgsql/src/port/exec.c,v 1.64 2009/07/27 08:46:10 mha Exp $
12+
* $PostgreSQL: pgsql/src/port/exec.c,v 1.65 2009/11/14 15:39:36 mha Exp $
1313
*
1414
*-------------------------------------------------------------------------
1515
*/
@@ -664,11 +664,10 @@ set_pglocale_pgservice(const char *argv0, const char *app)
664664
#ifdef WIN32
665665

666666
/*
667-
* AddUserToDacl(HANDLE hProcess)
667+
* AddUserToTokenDacl(HANDLE hToken)
668668
*
669-
* This function adds the current user account to the default DACL
670-
* which gets attached to the restricted token used when we create
671-
* a restricted process.
669+
* This function adds the current user account to the restricted
670+
* token used when we create a restricted process.
672671
*
673672
* This is required because of some security changes in Windows
674673
* that appeared in patches to XP/2K3 and in Vista/2008.
@@ -681,35 +680,27 @@ set_pglocale_pgservice(const char *argv0, const char *app)
681680
* and CreateProcess() calls when running as Administrator.
682681
*
683682
* This function fixes this problem by modifying the DACL of the
684-
* specified process and explicitly re-adding the current user account.
685-
* This is still secure because the Administrator account inherits it's
686-
* privileges from the Administrators group - it doesn't have any of
687-
* it's own.
683+
* token the process will use, and explicitly re-adding the current
684+
* user account. This is still secure because the Administrator account
685+
* inherits its privileges from the Administrators group - it doesn't
686+
* have any of its own.
688687
*/
689688
BOOL
690-
AddUserToDacl(HANDLE hProcess)
689+
AddUserToTokenDacl(HANDLE hToken)
691690
{
692691
int i;
693692
ACL_SIZE_INFORMATION asi;
694693
ACCESS_ALLOWED_ACE *pace;
695694
DWORD dwNewAclSize;
696695
DWORD dwSize = 0;
697696
DWORD dwTokenInfoLength = 0;
698-
HANDLE hToken = NULL;
699697
PACL pacl = NULL;
700698
PTOKEN_USER pTokenUser = NULL;
701699
TOKEN_DEFAULT_DACL tddNew;
702700
TOKEN_DEFAULT_DACL *ptdd = NULL;
703701
TOKEN_INFORMATION_CLASS tic = TokenDefaultDacl;
704702
BOOL ret = FALSE;
705703

706-
/* Get the token for the process */
707-
if (!OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_ADJUST_DEFAULT, &hToken))
708-
{
709-
log_error("could not open process token: %lu", GetLastError());
710-
goto cleanup;
711-
}
712-
713704
/* Figure out the buffer size for the DACL info */
714705
if (!GetTokenInformation(hToken, tic, (LPVOID) NULL, dwTokenInfoLength, &dwSize))
715706
{
@@ -789,7 +780,7 @@ AddUserToDacl(HANDLE hProcess)
789780
}
790781

791782
/* Add the new ACE for the current user */
792-
if (!AddAccessAllowedAce(pacl, ACL_REVISION, GENERIC_ALL, pTokenUser->User.Sid))
783+
if (!AddAccessAllowedAceEx(pacl, ACL_REVISION, OBJECT_INHERIT_ACE, GENERIC_ALL, pTokenUser->User.Sid))
793784
{
794785
log_error("could not add access allowed ACE: %lu", GetLastError());
795786
goto cleanup;
@@ -816,9 +807,6 @@ AddUserToDacl(HANDLE hProcess)
816807
if (ptdd)
817808
LocalFree((HLOCAL) ptdd);
818809

819-
if (hToken)
820-
CloseHandle(hToken);
821-
822810
return ret;
823811
}
824812

src/test/regress/pg_regress.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
1212
* Portions Copyright (c) 1994, Regents of the University of California
1313
*
14-
* $PostgreSQL: pgsql/src/test/regress/pg_regress.c,v 1.64 2009/08/18 10:30:41 teodor Exp $
14+
* $PostgreSQL: pgsql/src/test/regress/pg_regress.c,v 1.65 2009/11/14 15:39:36 mha Exp $
1515
*
1616
*-------------------------------------------------------------------------
1717
*/
@@ -1021,6 +1021,10 @@ spawn_process(const char *cmdline)
10211021
cmdline2 = malloc(strlen(cmdline) + 8);
10221022
sprintf(cmdline2, "cmd /c %s", cmdline);
10231023

1024+
#ifndef __CYGWIN__
1025+
AddUserToTokenDacl(restrictedToken);
1026+
#endif
1027+
10241028
if (!CreateProcessAsUser(restrictedToken,
10251029
NULL,
10261030
cmdline2,
@@ -1038,10 +1042,6 @@ spawn_process(const char *cmdline)
10381042
exit_nicely(2);
10391043
}
10401044

1041-
#ifndef __CYGWIN__
1042-
AddUserToDacl(pi.hProcess);
1043-
#endif
1044-
10451045
free(cmdline2);
10461046

10471047
ResumeThread(pi.hThread);

0 commit comments

Comments
 (0)