nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-02 03:52:49 -05:00
Code Issues Projects Releases Wiki Activity

Make our process's ACL more restrictive.

Browse Source 
By default Windows processes have wide open ACLs which allow interference
by other processes running as the same user.  Adjust our ACL to make this
a bit harder.

Because it's useful to protect PuTTYtel as well, carve winsecur.c into
advapi functions and wincapi.c for crypt32 functions.
This commit is contained in:
Owen Dunn
2015-11-24 22:02:24 +00:00
parent aba7234bc1
commit 48db456801
7 changed files with 66 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
windows/winsecur.h
View File

@ -32,13 +32,6 @@ DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, DWORD, SetEntriesInAclA,
(ULONG, PEXPLICIT_ACCESS, PACL, PACL *));
int got_advapi(void);
/*
* Functions loaded from crypt32.dll.
*/
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, CryptProtectMemory,
(LPVOID, DWORD, DWORD));
int got_crypt(void);
/*
* Find the SID describing the current user. The return value (if not
* NULL for some error-related reason) is smalloced.
@ -60,4 +53,6 @@ int make_private_security_descriptor(DWORD permissions,
PACL *acl,
char **error);
int setprocessacl(char *error);
#endif