Add a -restrict-putty-acl option to Windows Pageant.

This causes PuTTY processes spawned from its system-tray menu to run with the -restrict-acl option (or rather, the synonymous &R prefix used by my auto-constructed command lines for easier parsing). The previous behaviour of Pageant was never to pass -restrict-acl to PuTTY, even when started with -restrict-acl itself; this is not actually a silly thing to want to do, because Pageant might well have more need of -restrict-acl than PuTTY (it stores longer-term and more powerful secrets) and conversely PuTTY might have more need to _not_ restrict its ACL than Pageant (in that among the things enabled by an unrestricted ACL are various kinds of accessibility software, which is more useful on the more user-facing PuTTY than on Pageant). But for those who want to lock everything down with every security option possible (even though -restrict-acl is only an ad-hoc precaution and cannot deliver any hard guarantees), this new option should fill in the UI gap.
2025-07-05 13:32:48 -05:00 · 2017-09-20 18:04:37 +01:00
parent 4ec2791945
commit ba4837dae8
2 changed files with 32 additions and 6 deletions
--- a/windows/winpgnt.c
+++ b/windows/winpgnt.c
@ -57,6 +57,7 @@ static HMENU systray_menu, session_menu;
 static int already_running;

 static char *putty_path;
+static int restrict_putty_acl = FALSE;

 /* CWD for "add key" file requester. */
 static filereq *keypath = NULL;
@ -847,11 +848,18 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
      case WM_SYSCOMMAND:
 	switch (wParam & ~0xF) {       /* low 4 bits reserved to Windows */
 	  case IDM_PUTTY:
-	    if((INT_PTR)ShellExecute(hwnd, NULL, putty_path, _T(""), _T(""),
-				 SW_SHOW) <= 32) {
-		MessageBox(NULL, "Unable to execute PuTTY!",
-			   "Error", MB_OK | MB_ICONERROR);
-	    }
+            {
+                TCHAR cmdline[10];
+                cmdline[0] = '\0';
+                if (restrict_putty_acl)
+                    strcat(cmdline, "&R");
+
+                if((INT_PTR)ShellExecute(hwnd, NULL, putty_path, cmdline,
+                                         _T(""), SW_SHOW) <= 32) {
+                    MessageBox(NULL, "Unable to execute PuTTY!",
+                               "Error", MB_OK | MB_ICONERROR);
+                }
+            }
 	    break;
 	  case IDM_CLOSE:
 	    if (passphrase_box)
@ -912,7 +920,10 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
 		    mii.cch = MAX_PATH;
 		    mii.dwTypeData = buf;
 		    GetMenuItemInfo(session_menu, wParam, FALSE, &mii);
-		    strcpy(param, "@");
+                    param[0] = '\0';
+                    if (restrict_putty_acl)
+                        strcat(param, "&R");
+		    strcat(param, "@");
 		    strcat(param, mii.dwTypeData);
 		    if((INT_PTR)ShellExecute(hwnd, NULL, putty_path, param,
 					 _T(""), SW_SHOW) <= 32) {
@ -1169,6 +1180,9 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
                   !strcmp(argv[i], "-restrict_acl") ||
                   !strcmp(argv[i], "-restrictacl")) {
            restrict_process_acl();
+        } else if (!strcmp(argv[i], "-restrict-putty-acl") ||
+                   !strcmp(argv[i], "-restrict_putty_acl")) {
+            restrict_putty_acl = TRUE;
 	} else if (!strcmp(argv[i], "-c")) {
 	    /*
 	     * If we see `-c', then the rest of the