syscall: restrict access rights param of OpenProcess() to the minimum needed

Fixes #1270. R=vcc, rsc CC=golang-dev https://golang.org/cl/3299041

syscall: restrict access rights param of OpenProcess() to the minimum needed
Fixes #1270. R=vcc, rsc CC=golang-dev https://golang.org/cl/3299041
1e287646 · Alex Brainman · 95c7adb0 · 1e287646 · 1e287646
Commit 1e287646 authored Dec 08, 2010 by Alex Brainman
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 8 deletions

src/pkg/syscall/syscall_windows.go src/pkg/syscall/syscall_windows.go +2 -1

src/pkg/syscall/ztypes_windows_386.go src/pkg/syscall/ztypes_windows_386.go +4 -7

No files found.
--- a/src/pkg/syscall/syscall_windows.go
+++ b/src/pkg/syscall/syscall_windows.go
@@ -729,7 +729,8 @@ type WaitStatus struct {
 }

 func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, errno int) {
-	handle, errno := OpenProcess(PROCESS_ALL_ACCESS, 0, uint32(pid))
+	const da = STANDARD_RIGHTS_READ | PROCESS_QUERY_INFORMATION | SYNCHRONIZE
+	handle, errno := OpenProcess(da, 0, uint32(pid))
 	if errno != 0 {
 		return 0, errno
 	}

--- a/src/pkg/syscall/ztypes_windows_386.go
+++ b/src/pkg/syscall/ztypes_windows_386.go
@@ -112,6 +112,10 @@ const (
 	WAIT_FAILED    = 0xFFFFFFFF

 	CREATE_UNICODE_ENVIRONMENT = 0x00000400
+
+	STANDARD_RIGHTS_READ      = 0x00020000
+	PROCESS_QUERY_INFORMATION = 0x00000400
+	SYNCHRONIZE               = 0x00100000
 )

 const (
@@ -478,10 +482,3 @@ type DNSRecord struct {
 	Reserved uint32
 	Data     [40]byte
 }
-
-const (
-	HANDLE_FLAG_INHERIT            = 0x00000001
-	HANDLE_FLAG_PROTECT_FROM_CLOSE = 0x00000002
-
-	PROCESS_ALL_ACCESS = 0x001fffff
-)