Extend ACL-restriction to all Windows tools.

Protecting our processes from outside interference need not be limited to just PuTTY: there's no reason why the other SSH-speaking tools shouldn't have the same treatment (PSFTP, PSCP, Plink), and PuTTYgen and Pageant which handle private key material.
2025-07-01 03:22:48 -05:00 · 2016-04-02 08:00:07 +01:00
parent b4202c917a
commit b0b5d5fbe6
9 changed files with 85 additions and 1 deletions
--- a/windows/winpgen.c
+++ b/windows/winpgen.c
@ -12,6 +12,7 @@
 #include "putty.h"
 #include "ssh.h"
 #include "licence.h"
+#include "winsecur.h"

 #include <commctrl.h>

@ -1530,6 +1531,23 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
 	}
    }

+#ifndef UNPROTECT
+    /*
+     * Protect our process.
+     */
+    {
+        char *error = NULL;
+        if (!setprocessacl(error)) {
+            char *message = dupprintf("Could not restrict process ACL: %s",
+                                      error);
+            MessageBox(NULL, message, "PuTTYgen Warning",
+                       MB_ICONWARNING | MB_OK);
+            sfree(message);
+            sfree(error);
+        }
+    }
+#endif
+
    random_ref();
    ret = DialogBox(hinst, MAKEINTRESOURCE(201), NULL, MainDlgProc) != IDOK;

--- a/windows/winpgnt.c
+++ b/windows/winpgnt.c
@ -1174,6 +1174,23 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
 	}
    }

+#ifndef UNPROTECT
+    /*
+     * Protect our process.
+     */
+    {
+        char *error = NULL;
+        if (!setprocessacl(error)) {
+            char *message = dupprintf("Could not restrict process ACL: %s",
+                                      error);
+            MessageBox(NULL, message, "Pageant Warning",
+                       MB_ICONWARNING | MB_OK);
+            sfree(message);
+            sfree(error);
+        }
+    }
+#endif
+
    /*
     * Forget any passphrase that we retained while going over
     * command line keyfiles.
--- a/windows/winplink.c
+++ b/windows/winplink.c
@ -11,6 +11,7 @@
 #include "putty.h"
 #include "storage.h"
 #include "tree234.h"
+#include "winsecur.h"

 #define WM_AGENT_CALLBACK (WM_APP + 4)

@ -497,6 +498,22 @@ int main(int argc, char **argv)
 	}
    }

+#ifndef UNPROTECT
+    /*
+     * Protect our process.
+     */
+    {
+        char *error = NULL;
+        if (!setprocessacl(error)) {
+            char *message = dupprintf("Could not restrict process ACL: %s",
+                                      error);
+            logevent(NULL, message);
+            sfree(message);
+            sfree(error);
+        }
+    }
+#endif
+
    if (errors)
 	return 1;

--- a/windows/winsftp.c
+++ b/windows/winsftp.c
@ -733,6 +733,25 @@ char *ssh_sftp_get_cmdline(const char *prompt, int no_fds_ok)
    return ctx->line;
 }

+void platform_psftp_post_option_setup(void)
+{
+#ifndef UNPROTECT
+    /*
+     * Protect our process.
+     */
+    {
+        char *error = NULL;
+        if (!setprocessacl(error)) {
+            char *message = dupprintf("Could not restrict process ACL: %s",
+                                      error);
+            logevent(NULL, message);
+            sfree(message);
+            sfree(error);
+        }
+    }
+#endif
+}
+
 /* ----------------------------------------------------------------------
 * Main program. Parse arguments etc.
 */