mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
Make our process's ACL more restrictive.
By default Windows processes have wide open ACLs which allow interference by other processes running as the same user. Adjust our ACL to make this a bit harder. Because it's useful to protect PuTTYtel as well, carve winsecur.c into advapi functions and wincapi.c for crypt32 functions.
This commit is contained in:
parent
aba7234bc1
commit
48db456801
4
Recipe
4
Recipe
@ -224,7 +224,7 @@ SSH = ssh sshcrc sshdes sshmd5 sshrsa sshrand sshsha sshblowf
|
|||||||
+ sshdh sshcrcda sshpubk sshzlib sshdss x11fwd portfwd
|
+ sshdh sshcrcda sshpubk sshzlib sshdss x11fwd portfwd
|
||||||
+ sshaes sshccp sshsh256 sshsh512 sshbn wildcard pinger ssharcf
|
+ sshaes sshccp sshsh256 sshsh512 sshbn wildcard pinger ssharcf
|
||||||
+ sshgssc pgssapi sshshare sshecc
|
+ sshgssc pgssapi sshshare sshecc
|
||||||
WINSSH = SSH winnoise winsecur winpgntc wingss winshare winnps winnpc
|
WINSSH = SSH winnoise wincapi winpgntc wingss winshare winnps winnpc
|
||||||
+ winhsock errsock
|
+ winhsock errsock
|
||||||
UXSSH = SSH uxnoise uxagentc uxgss uxshare
|
UXSSH = SSH uxnoise uxagentc uxgss uxshare
|
||||||
|
|
||||||
@ -235,7 +235,7 @@ SFTP = sftp int64 logging
|
|||||||
# Pageant or PuTTYgen).
|
# Pageant or PuTTYgen).
|
||||||
MISC = timing callback misc version settings tree234 proxy conf
|
MISC = timing callback misc version settings tree234 proxy conf
|
||||||
WINMISC = MISC winstore winnet winhandl cmdline windefs winmisc winproxy
|
WINMISC = MISC winstore winnet winhandl cmdline windefs winmisc winproxy
|
||||||
+ wintime winhsock errsock
|
+ wintime winhsock errsock winsecur
|
||||||
UXMISC = MISC uxstore uxsel uxnet uxpeer cmdline uxmisc uxproxy time
|
UXMISC = MISC uxstore uxsel uxnet uxpeer cmdline uxmisc uxproxy time
|
||||||
OSXMISC = MISC uxstore uxsel osxsel uxnet uxpeer uxmisc uxproxy time
|
OSXMISC = MISC uxstore uxsel osxsel uxnet uxpeer uxmisc uxproxy time
|
||||||
|
|
||||||
|
27
windows/wincapi.c
Normal file
27
windows/wincapi.c
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
/*
|
||||||
|
* wincapi.c: implementation of wincapi.h.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "putty.h"
|
||||||
|
|
||||||
|
#if !defined NO_SECURITY
|
||||||
|
|
||||||
|
#define WINCAPI_GLOBAL
|
||||||
|
#include "wincapi.h"
|
||||||
|
|
||||||
|
int got_crypt(void)
|
||||||
|
{
|
||||||
|
static int attempted = FALSE;
|
||||||
|
static int successful;
|
||||||
|
static HMODULE crypt;
|
||||||
|
|
||||||
|
if (!attempted) {
|
||||||
|
attempted = TRUE;
|
||||||
|
crypt = load_system32_dll("crypt32.dll");
|
||||||
|
successful = crypt &&
|
||||||
|
GET_WINDOWS_FUNCTION(crypt, CryptProtectMemory);
|
||||||
|
}
|
||||||
|
return successful;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* !defined NO_SECURITY */
|
18
windows/wincapi.h
Normal file
18
windows/wincapi.h
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
/*
|
||||||
|
* wincapi.h: Windows Crypto API functions defined in wincrypt.c
|
||||||
|
* that use the crypt32 library. Also centralises the machinery
|
||||||
|
* for dynamically loading that library.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#if !defined NO_SECURITY
|
||||||
|
|
||||||
|
#ifndef WINCAPI_GLOBAL
|
||||||
|
#define WINCAPI_GLOBAL extern
|
||||||
|
#endif
|
||||||
|
|
||||||
|
DECL_WINDOWS_FUNCTION(WINCAPI_GLOBAL, BOOL, CryptProtectMemory,
|
||||||
|
(LPVOID,DWORD,DWORD));
|
||||||
|
|
||||||
|
int got_crypt(void);
|
||||||
|
|
||||||
|
#endif
|
@ -19,6 +19,7 @@
|
|||||||
#include "terminal.h"
|
#include "terminal.h"
|
||||||
#include "storage.h"
|
#include "storage.h"
|
||||||
#include "win_res.h"
|
#include "win_res.h"
|
||||||
|
#include "winsecur.h"
|
||||||
|
|
||||||
#ifndef NO_MULTIMON
|
#ifndef NO_MULTIMON
|
||||||
#include <multimon.h>
|
#include <multimon.h>
|
||||||
@ -390,6 +391,20 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Protect our process
|
||||||
|
*/
|
||||||
|
{
|
||||||
|
char *error = NULL;
|
||||||
|
|
||||||
|
if (! setprocessacl(error)) {
|
||||||
|
/* FIXME: prepare to stuff this into event log somehow */
|
||||||
|
MessageBox(NULL, "Process protection",
|
||||||
|
error, MB_OK | MB_ICONEXCLAMATION);
|
||||||
|
}
|
||||||
|
sfree(error);
|
||||||
|
|
||||||
|
}
|
||||||
/*
|
/*
|
||||||
* Process the command line.
|
* Process the command line.
|
||||||
*/
|
*/
|
||||||
|
@ -36,21 +36,6 @@ int got_advapi(void)
|
|||||||
return successful;
|
return successful;
|
||||||
}
|
}
|
||||||
|
|
||||||
int got_crypt(void)
|
|
||||||
{
|
|
||||||
static int attempted = FALSE;
|
|
||||||
static int successful;
|
|
||||||
static HMODULE crypt;
|
|
||||||
|
|
||||||
if (!attempted) {
|
|
||||||
attempted = TRUE;
|
|
||||||
crypt = load_system32_dll("crypt32.dll");
|
|
||||||
successful = crypt &&
|
|
||||||
GET_WINDOWS_FUNCTION(crypt, CryptProtectMemory);
|
|
||||||
}
|
|
||||||
return successful;
|
|
||||||
}
|
|
||||||
|
|
||||||
PSID get_user_sid(void)
|
PSID get_user_sid(void)
|
||||||
{
|
{
|
||||||
HANDLE proc = NULL, tok = NULL;
|
HANDLE proc = NULL, tok = NULL;
|
||||||
@ -237,7 +222,7 @@ int make_private_security_descriptor(DWORD permissions,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int protectprocess(char *error)
|
int setprocessacl(char *error)
|
||||||
{
|
{
|
||||||
SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;
|
SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;
|
||||||
SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
|
SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
|
||||||
|
@ -32,13 +32,6 @@ DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, DWORD, SetEntriesInAclA,
|
|||||||
(ULONG, PEXPLICIT_ACCESS, PACL, PACL *));
|
(ULONG, PEXPLICIT_ACCESS, PACL, PACL *));
|
||||||
int got_advapi(void);
|
int got_advapi(void);
|
||||||
|
|
||||||
/*
|
|
||||||
* Functions loaded from crypt32.dll.
|
|
||||||
*/
|
|
||||||
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, CryptProtectMemory,
|
|
||||||
(LPVOID, DWORD, DWORD));
|
|
||||||
int got_crypt(void);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Find the SID describing the current user. The return value (if not
|
* Find the SID describing the current user. The return value (if not
|
||||||
* NULL for some error-related reason) is smalloced.
|
* NULL for some error-related reason) is smalloced.
|
||||||
@ -60,4 +53,6 @@ int make_private_security_descriptor(DWORD permissions,
|
|||||||
PACL *acl,
|
PACL *acl,
|
||||||
char **error);
|
char **error);
|
||||||
|
|
||||||
|
int setprocessacl(char *error);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
#include "proxy.h"
|
#include "proxy.h"
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
|
|
||||||
#include "winsecur.h"
|
#include "wincapi.h"
|
||||||
|
|
||||||
#ifdef COVERITY
|
#ifdef COVERITY
|
||||||
/*
|
/*
|
||||||
|
Loading…
Reference in New Issue
Block a user