You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by mt...@apache.org on 2009/08/18 19:07:59 UTC
svn commit: r805499 - in
/commons/sandbox/runtime/trunk/src/main/native/os/win32: main.c platform.c
shm.c
Author: mturk
Date: Tue Aug 18 17:07:59 2009
New Revision: 805499
URL: http://svn.apache.org/viewvc?rev=805499&view=rev
Log:
Use less restictive SD
Modified:
commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c
commons/sandbox/runtime/trunk/src/main/native/os/win32/platform.c
commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c?rev=805499&r1=805498&r2=805499&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/main.c Tue Aug 18 17:07:59 2009
@@ -51,6 +51,8 @@
PSECURITY_DESCRIPTOR acr_sd_filesys_admin = NULL;
PSECURITY_DESCRIPTOR acr_sd_generic_users = NULL;
PSECURITY_DESCRIPTOR acr_sd_filesys_users = NULL;
+PSECURITY_DESCRIPTOR acr_sd_generic_group = NULL;
+PSECURITY_DESCRIPTOR acr_sd_filesys_group = NULL;
typedef struct acr_thread_local_t {
JNIEnv *env;
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/platform.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/platform.c?rev=805499&r1=805498&r2=805499&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/platform.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/platform.c Tue Aug 18 17:07:59 2009
@@ -30,6 +30,8 @@
extern PSECURITY_DESCRIPTOR acr_sd_filesys_admin;
extern PSECURITY_DESCRIPTOR acr_sd_generic_users;
extern PSECURITY_DESCRIPTOR acr_sd_filesys_users;
+extern PSECURITY_DESCRIPTOR acr_sd_generic_group;
+extern PSECURITY_DESCRIPTOR acr_sd_filesys_group;
acr_size_t acr_page_size;
int acr_native_codepage = ACR_CP_DEFAULT;
@@ -84,6 +86,22 @@
FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
0);
}
+ if (!acr_sd_generic_users) {
+ /* RWX access to Creator group */
+ acr_sd_generic_users = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+ GENERIC_ALL,
+ GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
+ GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE);
+ }
+ if (!acr_sd_filesys_users) {
+ /* RWX file access to Creator group */
+ acr_sd_filesys_users = ACR_GetSecurityDescriptor(INVALID_HANDLE_VALUE,
+ GENERIC_ALL | FILE_ALL_ACCESS,
+ GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE |
+ FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
+ GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE |
+ FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE);
+ }
return acr_ioh_init(ios);
}
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c?rev=805499&r1=805498&r2=805499&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/shm.c Tue Aug 18 17:07:59 2009
@@ -43,6 +43,8 @@
};
extern PSECURITY_DESCRIPTOR acr_sd_filesys_admin;
+extern PSECURITY_DESCRIPTOR acr_sd_filesys_users;
+extern PSECURITY_DESCRIPTOR acr_sd_filesys_group;
static int shm_cleanup(void *shm, int type, unsigned int flags)
{
@@ -147,7 +149,7 @@
/* Name-based shared memory */
else {
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
- sa.lpSecurityDescriptor = acr_sd_filesys_admin;
+ sa.lpSecurityDescriptor = acr_sd_filesys_group;
sa.bInheritHandle = FALSE;
/* Do file backed, which is not an inherited handle
* While we could open APR_EXCL, it doesn't seem that Unix