firebird/firebird-mirror
firebird/firebird-mirror
8
0
Fork 1
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-23 22:43:04 +01:00
Code Issues

Fixed CORE-1301 : CLONE -fbclient.dll changes the security descriptor of the calling process

Browse Source
This commit is contained in:
hvlad 2007-06-09 22:07:05 +00:00
parent 5f44d81066
commit d63015a1f5
1 changed files with 31 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
src/jrd/isc.cpp
View File

@ -1124,31 +1124,43 @@ LPSECURITY_ATTRIBUTES ISC_get_security_desc()
// This is our first call. Ensure that our process has // This is our first call. Ensure that our process has
// the SYNCHRONIZE privilege granted to everyone. // the SYNCHRONIZE privilege granted to everyone.
SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_WORLD_SID_AUTHORITY;
PSID pSID = NULL;
AllocateAndInitializeSid(&SIDAuth, 1, SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0, &pSID);
EXPLICIT_ACCESS ea;
memset(&ea, 0, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = SYNCHRONIZE;
ea.grfAccessMode = GRANT_ACCESS;
ea.grfInheritance = NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea.Trustee.ptstrName = (LPTSTR) pSID;
PACL pOldACL = NULL; PACL pOldACL = NULL;
GetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT, GetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT,
DACL_SECURITY_INFORMATION, DACL_SECURITY_INFORMATION,
NULL, NULL, &pOldACL, NULL, NULL); NULL, NULL, &pOldACL, NULL, NULL);
PACL pNewACL = NULL; // NULL pOldACL means all privileges. If we assign pNewACL in this case
SetEntriesInAcl(1, &ea, pOldACL, &pNewACL); // we'll lost all privileges except assigned SYNCHRONIZE
if (pOldACL)
{
SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_WORLD_SID_AUTHORITY;
PSID pSID = NULL;
AllocateAndInitializeSid(&SIDAuth, 1, SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0, &pSID);
SetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT, EXPLICIT_ACCESS ea;
DACL_SECURITY_INFORMATION, memset(&ea, 0, sizeof(EXPLICIT_ACCESS));
NULL, NULL, pNewACL, NULL); ea.grfAccessPermissions = SYNCHRONIZE;
ea.grfAccessMode = GRANT_ACCESS;
ea.grfInheritance = NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea.Trustee.ptstrName = (LPTSTR) pSID;
PACL pNewACL = NULL;
SetEntriesInAcl(1, &ea, pOldACL, &pNewACL);
SetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT,
DACL_SECURITY_INFORMATION,
NULL, NULL, pNewACL, NULL);
if (pSID) {
FreeSid(pSID);
}
if (pNewACL) {
LocalFree(pNewACL);
}
}
// Create and initialize the default security descriptor // Create and initialize the default security descriptor
// to be assigned to various IPC objects. // to be assigned to various IPC objects.