srctree

xEgoist parent 41bf816f 194ed308
child_process: Use security attributes while creating handle.

As suggested by @matu3ba, it can be better to use Security Attributesdirectly while creating the handle instead of creating the handle thensetting the handle to inherit. Doing so can prevent potentially leakingto other parallel spawned processes which would inherit the opened eviceullhandle.

This change also allows windows.OpenFile to handle when bInheritHandleis set.

Note that we are using the same saAttr, but since it's taken as apointer to a const in all calls, it's never mutated, and OpenFile never alters it.

This also saves 1 kernel call for setting the handle to inherit.
inlinesplit
lib/std/child_process.zig added: 8, removed: 7, total 1
@@ -650,7 +650,7 @@ pub const ChildProcess = struct {
}
 
fn spawnWindows(self: *ChildProcess) SpawnError!void {
const saAttr = windows.SECURITY_ATTRIBUTES{
var saAttr = windows.SECURITY_ATTRIBUTES{
.nLength = @sizeOf(windows.SECURITY_ATTRIBUTES),
.bInheritHandle = windows.TRUE,
.lpSecurityDescriptor = null,
@@ -663,6 +663,7 @@ pub const ChildProcess = struct {
windows.OpenFile(&[_]u16{ '\\', 'D', 'e', 'v', 'i', 'c', 'e', '\\', 'N', 'u', 'l', 'l' }, .{
.access_mask = windows.GENERIC_READ | windows.GENERIC_WRITE | windows.SYNCHRONIZE,
.share_access = windows.FILE_SHARE_READ | windows.FILE_SHARE_WRITE,
.sa = &saAttr,
.creation = windows.OPEN_EXISTING,
.io_mode = .blocking,
}) catch |err| switch (err) {
@@ -680,9 +681,6 @@ pub const ChildProcess = struct {
defer {
if (any_ignore) os.close(nul_handle);
}
if (any_ignore) {
try windows.SetHandleInformation(nul_handle, windows.HANDLE_FLAG_INHERIT, windows.HANDLE_FLAG_INHERIT);
}
 
var g_hChildStd_IN_Rd: ?windows.HANDLE = null;
var g_hChildStd_IN_Wr: ?windows.HANDLE = null;
 
lib/std/os/windows.zig added: 8, removed: 7, total 1
@@ -86,7 +86,10 @@ pub fn OpenFile(sub_path_w: []const u16, options: OpenFileOptions) OpenError!HAN
var attr = OBJECT_ATTRIBUTES{
.Length = @sizeOf(OBJECT_ATTRIBUTES),
.RootDirectory = if (std.fs.path.isAbsoluteWindowsWTF16(sub_path_w)) null else options.dir,
.Attributes = 0, // Note we do not use OBJ_CASE_INSENSITIVE here.
.Attributes = if (options.sa) |ptr| blk: { // Note we do not use OBJ_CASE_INSENSITIVE here.
const inherit: ULONG = if (ptr.bInheritHandle == TRUE) OBJ_INHERIT else 0;
break :blk inherit;
} else 0,
.ObjectName = &nt_name,
.SecurityDescriptor = if (options.sa) |ptr| ptr.lpSecurityDescriptor else null,
.SecurityQualityOfService = null,