By default Windows processes have wide open ACLs which allow interference
by other processes running as the same user. Adjust our ACL to make this
a bit harder.
Because it's useful to protect PuTTYtel as well, carve winsecur.c into
advapi functions and wincapi.c for crypt32 functions.
(cherry picked from commit
48db456801cf90369330248075b7e480252696ff)
Conflicts:
Recipe
(cherry-picker's note: the conflict was just some context not looking
quite the same)
+ sshdh sshcrcda sshpubk sshzlib sshdss x11fwd portfwd
+ sshaes sshsh256 sshsh512 sshbn wildcard pinger ssharcf
+ sshgssc pgssapi sshshare
-WINSSH = SSH winnoise winsecur winpgntc wingss winshare winnps winnpc
+WINSSH = SSH winnoise wincapi winpgntc wingss winshare winnps winnpc
+ winhsock errsock
UXSSH = SSH uxnoise uxagentc uxgss uxshare
# Pageant or PuTTYgen).
MISC = timing callback misc version settings tree234 proxy conf
WINMISC = MISC winstore winnet winhandl cmdline windefs winmisc winproxy
- + wintime winhsock errsock
+ + wintime winhsock errsock winsecur
UXMISC = MISC uxstore uxsel uxnet uxpeer cmdline uxmisc uxproxy time
OSXMISC = MISC uxstore uxsel osxsel uxnet uxpeer uxmisc uxproxy time
--- /dev/null
+/*
+ * wincapi.c: implementation of wincapi.h.
+ */
+
+#include "putty.h"
+
+#if !defined NO_SECURITY
+
+#define WINCAPI_GLOBAL
+#include "wincapi.h"
+
+int got_crypt(void)
+{
+ static int attempted = FALSE;
+ static int successful;
+ static HMODULE crypt;
+
+ if (!attempted) {
+ attempted = TRUE;
+ crypt = load_system32_dll("crypt32.dll");
+ successful = crypt &&
+ GET_WINDOWS_FUNCTION(crypt, CryptProtectMemory);
+ }
+ return successful;
+}
+
+#endif /* !defined NO_SECURITY */
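Review bot: `got_crypt()` arrives in its new file without any comment describing its contract, although every use of the CryptProtectMemory pointer depends on its result. A header comment such as `/* Returns nonzero only if crypt32.dll was loaded via load_system32_dll() and CryptProtectMemory was resolved; the answer is cached after the first call. */` would make the check-before-use requirement explicit. The `attempted`/`successful` statics are also written without synchronisation, so if this can be reached from more than one thread (not visible here), a second caller could see `attempted` set before `successful` is assigned; a one-line note on the expected calling thread would settle that.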
--- /dev/null
+/*
+ * wincapi.h: Windows Crypto API functions defined in wincrypt.c
+ * that use the crypt32 library. Also centralises the machinery
+ * for dynamically loading that library.
+ */
+
+#if !defined NO_SECURITY
+
+#ifndef WINCAPI_GLOBAL
+#define WINCAPI_GLOBAL extern
+#endif
+
+DECL_WINDOWS_FUNCTION(WINCAPI_GLOBAL, BOOL, CryptProtectMemory,
+ (LPVOID,DWORD,DWORD));
+
+int got_crypt(void);
+
+#endif
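Review bot: The header comment says these functions are defined in wincrypt.c, but the implementation file added by this commit is wincapi.c; it should read `* wincapi.h: declarations for the crypt32 functions loaded by wincapi.c.` The header is also wrapped only in `#if !defined NO_SECURITY` and has no include guard of its own, so a second inclusion in one translation unit repeats the `DECL_WINDOWS_FUNCTION` expansion. Whether that expansion tolerates repetition is not visible here, so a conventional guard (`#ifndef PUTTY_WINCAPI_H` / `#define PUTTY_WINCAPI_H` around the body) would be the safer form.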
#include "terminal.h"
#include "storage.h"
#include "win_res.h"
+#include "winsecur.h"
#ifndef NO_MULTIMON
#include <multimon.h>
return 1;
}
+ /*
+ * Protect our process
+ */
+ {
+ char *error = NULL;
+
+ if (! setprocessacl(error)) {
+ /* FIXME: prepare to stuff this into event log somehow */
+ MessageBox(NULL, "Process protection",
+ error, MB_OK | MB_ICONEXCLAMATION);
+ }
+ sfree(error);
+
+ }
/*
* Process the command line.
*/
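Review bot: In the new "Protect our process" block, `error` is passed to `setprocessacl` by value, so whatever the callee assigns to its parameter (its body is outside this diff) cannot reach the caller, and `error` is still NULL when `MessageBox` runs. The helper declared just above the new prototype in winsecur.h already takes `char **error`; the winsecur.c rename and the winsecur.h prototype share the `char *error` signature and should change together, to `int setprocessacl(char **error);` with the call becoming `if (!setprocessacl(&error)) {`. The `MessageBox` arguments also look swapped, since the second parameter is the text and the third the caption: `MessageBox(NULL, error, "Process protection", MB_OK | MB_ICONEXCLAMATION);`. As written, a failed ACL change only raises a dialog and startup continues, so the hardening fails open; if that is intended, the block comment should say so alongside the FIXME about the event log.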
return successful;
}
-int got_crypt(void)
-{
- static int attempted = FALSE;
- static int successful;
- static HMODULE crypt;
-
- if (!attempted) {
- attempted = TRUE;
- crypt = load_system32_dll("crypt32.dll");
- successful = crypt &&
- GET_WINDOWS_FUNCTION(crypt, CryptProtectMemory);
- }
- return successful;
-}
-
PSID get_user_sid(void)
{
HANDLE proc = NULL, tok = NULL;
return ret;
}
-int protectprocess(char *error)
+int setprocessacl(char *error)
{
SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;
SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
(ULONG, PEXPLICIT_ACCESS, PACL, PACL *));
int got_advapi(void);
-/*
- * Functions loaded from crypt32.dll.
- */
-DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, CryptProtectMemory,
- (LPVOID, DWORD, DWORD));
-int got_crypt(void);
-
/*
* Find the SID describing the current user. The return value (if not
* NULL for some error-related reason) is smalloced.
PACL *acl,
char **error);
+int setprocessacl(char *error);
+
#endif
#include "proxy.h"
#include "ssh.h"
-#include "winsecur.h"
+#include "wincapi.h"
#ifdef COVERITY
/*