From 261faae135e296559c866cc8da3084b6cfb20b70 Mon Sep 17 00:00:00 2001
From: Eric Bollengier
Date: Thu, 4 Jul 2024 13:34:16 +0200
Subject: [PATCH] win32: Limit the scope of the open files
---
 bacula/src/findlib/bfile.c | 12 +++++--
 bacula/src/findlib/namedpipe.c | 8 ++++-
 bacula/src/lib/bsys.c | 4 +++
 bacula/src/win32/compat/compat.cpp | 32 ++++++++++++++++---
 .../src/win32/filed/plugins/exch_file_node.c | 8 ++++-
 bacula/src/win32/stored/win_tape_device.cpp | 8 ++++-
 6 files changed, 62 insertions(+), 10 deletions(-)
diff --git a/bacula/src/findlib/bfile.c b/bacula/src/findlib/bfile.c
index 77bfad029..50204fe0a 100644
--- a/bacula/src/findlib/bfile.c
+++ b/bacula/src/findlib/bfile.c
@@ -524,6 +524,12 @@ int bopen(BFILE *bfd, const char *fname, uint64_t flags, mode_t mode)
 DWORD dwaccess, dwflags, dwshare;
+ /* Do not pass this descriptor to a sub process */
+ SECURITY_ATTRIBUTES sec;
+ sec.nLength = sizeof(sec);
+ sec.lpSecurityDescriptor = NULL;
+ sec.bInheritHandle = false;
+
 if (bfd->fattrs & FILE_ATTRIBUTE_ENCRYPTED) {
 return encrypt_bopen(bfd, fname, flags, mode);
 }
@@ -578,7 +584,7 @@ int bopen(BFILE *bfd, const char *fname, uint64_t flags, mode_t mode)
 bfd->fh = p_CreateFileW((LPCWSTR)win32_fname_wchar,
 dwaccess, /* Requested access */
 0, /* Shared mode */
- NULL, /* SecurityAttributes */
+ &sec, /* SecurityAttributes */
 CREATE_ALWAYS, /* CreationDisposition */
 dwflags, /* Flags and attributes */
 NULL); /* TemplateFile */
@@ -614,7 +620,7 @@ int bopen(BFILE *bfd, const char *fname, uint64_t flags, mode_t mode)
 bfd->fh = p_CreateFileW((LPCWSTR)win32_fname_wchar,
 dwaccess, /* Requested access */
 dwshare, /* Shared mode */
- NULL, /* SecurityAttributes */
+ &sec, /* SecurityAttributes */
 OPEN_EXISTING, /* CreationDisposition */
 dwflags, /* Flags and attributes */
 NULL); /* TemplateFile */
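Review bot: The `sec` block added at the top of bopen() does not change inheritance for these calls: CreateFile documents that a NULL lpSecurityAttributes already yields a handle that child processes cannot inherit, so `&sec` with `bInheritHandle = false` behaves the same as the `NULL` it replaces. The same applies to the CreateFile/CreateFileW hunks in namedpipe.c, compat.cpp, exch_file_node.c and win_tape_device.cpp; of the changes in this patch only the bfopen() one in bsys.c alters behaviour. If the struct is kept to make the intent explicit, the comment should say so, e.g. `/* Explicitly non-inheritable; same effect as passing NULL */`, and a single initialiser `SECURITY_ATTRIBUTES sec = { sizeof(sec), NULL, FALSE };` would replace the five-line block repeated in eight functions. Handles that are inheritable by default (CRT open()/fopen(), sockets, pipes created with inheriting attributes) are presumably where a leak to a sub process would come from, and apart from bfopen() none of those paths is touched here.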
@@ -638,7 +644,7 @@ int bopen(BFILE *bfd, const char *fname, uint64_t flags, mode_t mode)
 bfd->fh = p_CreateFileW((LPCWSTR)win32_fname_wchar,
 dwaccess, /* Requested access */
 dwshare, /* Share modes */
- NULL, /* SecurityAttributes */
+ &sec, /* SecurityAttributes */
 OPEN_EXISTING, /* CreationDisposition */
 dwflags, /* Flags and attributes */
 NULL); /* TemplateFile */
diff --git a/bacula/src/findlib/namedpipe.c b/bacula/src/findlib/namedpipe.c
index 55601259a..23360b901 100644
--- a/bacula/src/findlib/namedpipe.c
+++ b/bacula/src/findlib/namedpipe.c
@@ -106,6 +106,12 @@ intptr_t namedpipe_open(NamedPipe *self, const char *path, mode_t mode)
 self->connected = false;
 self->mode = mode;
+ /* Do not pass this descriptor to a sub process */
+ SECURITY_ATTRIBUTES sec;
+ sec.nLength = sizeof(sec);
+ sec.lpSecurityDescriptor = NULL;
+ sec.bInheritHandle = false;
+
 if (self->fd != INVALID_HANDLE_VALUE) { /* server mode */ self->connected = ConnectNamedPipe(self->fd, NULL) ?
@@ -120,7 +126,7 @@ intptr_t namedpipe_open(NamedPipe *self, const char *path, mode_t mode)
 path, // pipe name
 GENERIC_WRITE | GENERIC_READ,
 0, // no sharing
- NULL, // default security attributes
+ &sec, // default security attributes
 OPEN_EXISTING, // opens existing pipe
 0, // default attributes
 NULL); // no template file
diff --git a/bacula/src/lib/bsys.c b/bacula/src/lib/bsys.c
index 91a211205..e75002c45 100644
--- a/bacula/src/lib/bsys.c
+++ b/bacula/src/lib/bsys.c
@@ -1739,6 +1739,10 @@ FILE *bfopen(const char *path, const char *mode)
 errno = tmp_errno;
 }
 }
+#endif
+#if defined(HAVE_WIN32)
+ SetHandleInformation((HANDLE)_get_osfhandle(fileno(fp)),
+ HANDLE_FLAG_INHERIT, 0);
 #endif
 return fp;
 }
diff --git a/bacula/src/win32/compat/compat.cpp b/bacula/src/win32/compat/compat.cpp
index 7f0ff5cca..cbff6cba5 100644
--- a/bacula/src/win32/compat/compat.cpp
+++ b/bacula/src/win32/compat/compat.cpp
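Review bot: The trailing comment on the changed argument in the second namedpipe_open() hunk is now stale, because `&sec, // default security attributes` no longer passes the default (NULL) value. It should describe what is actually passed, for example `&sec, // non-inheritable handle, default security descriptor`. namedpipe_open() starts and ends outside the hunk.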
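Review bot: The added `SetHandleInformation(...)` call in bfopen() runs unconditionally just before `return fp;`, and nothing visible in the hunk guarantees that `fp` is non-NULL; when the open has failed, `fileno(NULL)` is invalid and can crash or trip the CRT invalid-parameter handler instead of letting the caller see the NULL return. A guard is enough: `if (fp) { SetHandleInformation((HANDLE)_get_osfhandle(fileno(fp)), HANDLE_FLAG_INHERIT, 0); }`. The handle also stays inheritable between the open and this call, so a process created from another thread in that window could still receive it; the Microsoft CRT's `N` fopen mode flag creates the handle non-inheritable from the start, if the toolchain in use supports it. The beginning of bfopen() is outside the hunk, so the NULL case may already be handled earlier and should be confirmed.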
@@ -903,9 +903,15 @@ bailout:
 static int
 win_get_reparse_point(const wchar_t *path, DWORD *reparse_tag=NULL, POOLMEM **reparse=NULL)
 {
+ /* Do not pass this descriptor to a sub process */
+ SECURITY_ATTRIBUTES sec;
+ sec.nLength = sizeof(sec);
+ sec.lpSecurityDescriptor = NULL;
+ sec.bInheritHandle = false;
+
 HANDLE h = CreateFileW(path, FILE_READ_EA,
 FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
- NULL, OPEN_EXISTING,
+ &sec, OPEN_EXISTING,
 FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, NULL);
 if (h == INVALID_HANDLE_VALUE) {
 return -1;
@@ -977,6 +983,12 @@ statDir(const char *file, struct stat *sb, POOLMEM **readlnk=NULL)
 WIN32_FIND_DATAW info_w; // window's file info
 HANDLE h = INVALID_HANDLE_VALUE;
+ /* Do not pass this descriptor to a sub process */
+ SECURITY_ATTRIBUTES sec;
+ sec.nLength = sizeof(sec);
+ sec.lpSecurityDescriptor = NULL;
+ sec.bInheritHandle = false;
+
 /*
 * Oh, cool, another exception: Microsoft doesn't let us do
 * FindFile operations on a Drive, so simply fake root attributes.
@@ -1049,7 +1061,7 @@ statDir(const char *file, struct stat *sb, POOLMEM **readlnk=NULL)
 * or to a directory. */
 h = CreateFileW((LPCWSTR)pwszBuf.c_str(), GENERIC_READ,
- FILE_SHARE_READ, NULL, OPEN_EXISTING,
+ FILE_SHARE_READ, &sec, OPEN_EXISTING,
 FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, NULL);
 if (h != INVALID_HANDLE_VALUE) {
@@ -3031,6 +3043,12 @@ utime(const char *fname, struct utimbuf *times)
 char tmpbuf[5000];
 POOL_MEM pwszBuf(PM_FNAME);
+ /* Do not pass this descriptor to a sub process */
+ SECURITY_ATTRIBUTES sec;
+ sec.nLength = sizeof(sec);
+ sec.lpSecurityDescriptor = NULL;
+ sec.bInheritHandle = false;
+
 cvt_utime_to_ftime(times->actime, acc);
 cvt_utime_to_ftime(times->modtime, mod);
@@ -3039,7 +3057,7 @@ utime(const char *fname, struct utimbuf *times)
 HANDLE h = p_CreateFileW((LPCWSTR)pwszBuf.c_str(),
 FILE_WRITE_ATTRIBUTES,
 FILE_SHARE_WRITE|FILE_SHARE_READ|FILE_SHARE_DELETE,
- NULL,
+ &sec,
 OPEN_EXISTING,
 FILE_FLAG_BACKUP_SEMANTICS, // required for directories
 NULL);
@@ -3072,6 +3090,12 @@ file_open(const char *file, int flags, int mode)
 HANDLE foo = INVALID_HANDLE_VALUE;
 const char *remap = file;
+ /* Do not pass this descriptor to a sub process */
+ SECURITY_ATTRIBUTES sec;
+ sec.nLength = sizeof(sec);
+ sec.lpSecurityDescriptor = NULL;
+ sec.bInheritHandle = false;
+
 if (flags & O_WRONLY) access = GENERIC_WRITE;
 else if (flags & O_RDWR) access = GENERIC_READ|GENERIC_WRITE;
 else access = GENERIC_READ;
@@ -3096,7 +3120,7 @@ file_open(const char *file, int flags, int mode)
 POOL_MEM pwszBuf(PM_FNAME);
 make_win32_path_UTF8_2_wchar(&pwszBuf.addr(), file);
- foo = p_CreateFileW((LPCWSTR) pwszBuf.c_str(), access, shareMode, NULL, create, msflags, NULL);
+ foo = p_CreateFileW((LPCWSTR) pwszBuf.c_str(), access, shareMode, &sec, create, msflags, NULL);
 if (INVALID_HANDLE_VALUE == foo) {
 errno = b_errno_win32;
diff --git a/bacula/src/win32/filed/plugins/exch_file_node.c b/bacula/src/win32/filed/plugins/exch_file_node.c
index 0147c6e27..ba0266fc6 100644
--- a/bacula/src/win32/filed/plugins/exch_file_node.c
+++ b/bacula/src/win32/filed/plugins/exch_file_node.c
@@ -111,6 +111,12 @@ file_node_t::pluginIoOpen(exchange_fd_context_t *context, struct io_pkt *io)
 char *tmp = new char[wcslen(filename) + 1];
 wcstombs(tmp, filename, wcslen(filename) + 1);
+ /* Do not pass this descriptor to a sub process */
+ SECURITY_ATTRIBUTES sec;
+ sec.nLength = sizeof(sec);
+ sec.lpSecurityDescriptor = NULL;
+ sec.bInheritHandle = false;
+
 _DebugMessage(0, "pluginIoOpen_FILE - filename = %s\n", tmp);
 io->status = 0;
 io->io_errno = 0;
@@ -134,7 +140,7 @@ file_node_t::pluginIoOpen(exchange_fd_context_t *context, struct io_pkt *io)
 {
 restore_at_file_level = true;
 _DebugMessage(100, "Calling CreateFileW for '%s'\n", tmp);
- handle = CreateFileW(filename, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
+ handle = CreateFileW(filename, GENERIC_WRITE, 0, &sec, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
 if (handle == INVALID_HANDLE_VALUE) {
 _JobMessage(M_FATAL, "CreateFile failed");
diff --git a/bacula/src/win32/stored/win_tape_device.cpp b/bacula/src/win32/stored/win_tape_device.cpp
index 18db68850..e66507256 100644
--- a/bacula/src/win32/stored/win_tape_device.cpp
+++ b/bacula/src/win32/stored/win_tape_device.cpp
@@ -183,6 +183,12 @@ win_tape_device::d_open(const char *file, int flags, ...)
 int idxFile;
 DWORD dwResult;
+ /* Do not pass this descriptor to a sub process */
+ SECURITY_ATTRIBUTES sec;
+ sec.nLength = sizeof(sec);
+ sec.lpSecurityDescriptor = NULL;
+ sec.bInheritHandle = false;
+
 for (idxFile = 0; idxFile < (int)NUMBER_HANDLE_ENTRIES; idxFile++) {
 if (TapeHandleTable[idxFile].OSHandle == INVALID_HANDLE_VALUE) {
 break;
@@ -201,7 +207,7 @@ win_tape_device::d_open(const char *file, int flags, ...)
 bstrncpy(&szDeviceName[0], file, sizeof(szDeviceName));
 }
- hDevice = CreateFile(szDeviceName, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, 0, NULL);
+ hDevice = CreateFile(szDeviceName, FILE_ALL_ACCESS, 0, &sec, OPEN_EXISTING, 0, NULL);
 if (hDevice != INVALID_HANDLE_VALUE) {
 PTAPE_HANDLE_INFO pHandleInfo = &TapeHandleTable[idxFile];
--
2.47.3