Extend ACL-restriction to all Windows tools.

Protecting our processes from outside interference need not be limited to just PuTTY: there's no reason why the other SSH-speaking tools shouldn't have the same treatment (PSFTP, PSCP, Plink), and PuTTYgen and Pageant which handle private key material.
2025-01-09 17:38:00 +00:00 · 2016-04-02 08:00:07 +01:00 · 2016-04-02 08:00:07 +01:00 · b0b5d5fbe6
commit b0b5d5fbe6
parent b4202c917a
9 changed files with 85 additions and 1 deletions
--- a/2
+++ b/2
@ -296,7 +296,7 @@ puttygen : [G] winpgen sshrsag sshdssg sshprime sshdes sshbn sshmd5 version
         + sshrand winnoise sshsha winstore misc winctrls sshrsa sshdss winmisc
         + sshpubk sshaes sshsh256 sshsh512 IMPORT winutils puttygen.res
         + tree234 notiming winhelp winnojmp conf LIBS wintime sshecc
-         + sshecdsag
+         + sshecdsag winsecur

 pterm    : [X] GTKTERM uxmisc misc ldisc settings uxpty uxsel BE_NONE uxstore
         + uxsignal CHARSET cmdline uxpterm version time xpmpterm xpmptcfg
--- a/pscp.c
+++ b/pscp.c
@ -2349,6 +2349,8 @@ int psftp_main(int argc, char *argv[])
    argv += i;
    back = NULL;

+    platform_psftp_post_option_setup();
+
    if (list) {
 	if (argc != 1)
 	    usage();
--- a/psftp.c
+++ b/psftp.c
@ -2941,6 +2941,8 @@ int psftp_main(int argc, char *argv[])
    argv += i;
    back = NULL;

+    platform_psftp_post_option_setup();
+
    /*
     * If the loaded session provides a hostname, and a hostname has not
     * otherwise been specified, pop it in `userhost' so that
--- a/psftp.h
+++ b/psftp.h
@ -47,6 +47,13 @@ int ssh_sftp_loop_iteration(void);
 */
 char *ssh_sftp_get_cmdline(const char *prompt, int backend_required);

+/*
+ * Platform-specific function called after the command line has been
+ * processed, so that any per-platform initialisation such as process
+ * ACL setup can be done.
+ */
+void platform_psftp_post_option_setup(void);
+
 /*
 * The main program in psftp.c. Called from main() in the platform-
 * specific code, after doing any platform-specific initialisation.
--- a/unix/uxsftp.c
+++ b/unix/uxsftp.c
@ -618,6 +618,8 @@ char *ssh_sftp_get_cmdline(const char *prompt, int no_fds_ok)

 void frontend_net_error_pending(void) {}

+void platform_psftp_post_option_setup(void) {}
+
 /*
 * Main program: do platform-specific initialisation and then call
 * psftp_main().
--- a/windows/winpgen.c
+++ b/windows/winpgen.c
@ -12,6 +12,7 @@
 #include "putty.h"
 #include "ssh.h"
 #include "licence.h"
+#include "winsecur.h"

 #include <commctrl.h>

@ -1530,6 +1531,23 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
 	}
    }

+#ifndef UNPROTECT
+    /*
+     * Protect our process.
+     */
+    {
+        char *error = NULL;
+        if (!setprocessacl(error)) {
+            char *message = dupprintf("Could not restrict process ACL: %s",
+                                      error);
+            MessageBox(NULL, message, "PuTTYgen Warning",
+                       MB_ICONWARNING | MB_OK);
+            sfree(message);
+            sfree(error);
+        }
+    }
+#endif
+
    random_ref();
    ret = DialogBox(hinst, MAKEINTRESOURCE(201), NULL, MainDlgProc) != IDOK;

--- a/windows/winpgnt.c
+++ b/windows/winpgnt.c
@ -1174,6 +1174,23 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
 	}
    }

+#ifndef UNPROTECT
+    /*
+     * Protect our process.
+     */
+    {
+        char *error = NULL;
+        if (!setprocessacl(error)) {
+            char *message = dupprintf("Could not restrict process ACL: %s",
+                                      error);
+            MessageBox(NULL, message, "Pageant Warning",
+                       MB_ICONWARNING | MB_OK);
+            sfree(message);
+            sfree(error);
+        }
+    }
+#endif
+
    /*
     * Forget any passphrase that we retained while going over
     * command line keyfiles.
--- a/windows/winplink.c
+++ b/windows/winplink.c
@ -11,6 +11,7 @@
 #include "putty.h"
 #include "storage.h"
 #include "tree234.h"
+#include "winsecur.h"

 #define WM_AGENT_CALLBACK (WM_APP + 4)

@ -497,6 +498,22 @@ int main(int argc, char **argv)
 	}
    }

+#ifndef UNPROTECT
+    /*
+     * Protect our process.
+     */
+    {
+        char *error = NULL;
+        if (!setprocessacl(error)) {
+            char *message = dupprintf("Could not restrict process ACL: %s",
+                                      error);
+            logevent(NULL, message);
+            sfree(message);
+            sfree(error);
+        }
+    }
+#endif
+
    if (errors)
 	return 1;

--- a/windows/winsftp.c
+++ b/windows/winsftp.c
@ -733,6 +733,25 @@ char *ssh_sftp_get_cmdline(const char *prompt, int no_fds_ok)
    return ctx->line;
 }

+void platform_psftp_post_option_setup(void)
+{
+#ifndef UNPROTECT
+    /*
+     * Protect our process.
+     */
+    {
+        char *error = NULL;
+        if (!setprocessacl(error)) {
+            char *message = dupprintf("Could not restrict process ACL: %s",
+                                      error);
+            logevent(NULL, message);
+            sfree(message);
+            sfree(error);
+        }
+    }
+#endif
+}
+
 /* ----------------------------------------------------------------------
 * Main program. Parse arguments etc.
 */