Rob Shearman : server: When starting a new process, use the token from the calling process, if one exists.

Alexandre Julliard julliard at wine.codeweavers.com
Wed May 30 08:56:50 CDT 2007 

Module: wine
Branch: master
Commit: ec8624352152ff19c7976f3115ae4032d303816e
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=ec8624352152ff19c7976f3115ae4032d303816e

Author: Rob Shearman <rob at codeweavers.com>
Date:   Mon May 28 18:41:51 2007 +0100

server: When starting a new process, use the token from the calling process, if one exists.

---

 server/process.c |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/server/process.c b/server/process.c
index 092718f..d733031 100644
--- a/server/process.c
+++ b/server/process.c
@@ -282,7 +282,7 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
     process->ldt_copy        = NULL;
     process->winstation      = 0;
     process->desktop         = 0;
-    process->token           = token_create_admin();
+    process->token           = NULL;
     process->trace_data      = 0;
     list_init( &process->thread_list );
     list_init( &process->locks );
@@ -301,15 +301,22 @@ struct thread *create_process( int fd, struct thread *parent_thread, int inherit
     if (!(process->msg_fd = create_anonymous_fd( &process_fd_ops, fd, &process->obj, 0 ))) goto error;
 
     /* create the handle table */
-    if (!parent_thread) process->handles = alloc_handle_table( process, 0 );
+    if (!parent_thread)
+    {
+        process->handles = alloc_handle_table( process, 0 );
+        process->token = token_create_admin();
+    }
     else
     {
         struct process *parent = parent_thread->process;
         process->parent = (struct process *)grab_object( parent );
         process->handles = inherit_all ? copy_handle_table( process, parent )
                                        : alloc_handle_table( process, 0 );
+        /* Note: for security reasons, starting a new process does not attempt
+         * to use the current impersonation token for the new process */
+        process->token = token_duplicate( parent->token, TRUE, 0 );
     }
-    if (!process->handles) goto error;
+    if (!process->handles || !process->token) goto error;
 
     /* create the main thread */
     if (pipe( request_pipe ) == -1)

More information about the wine-cvs mailing list