httpd-dev mailing list archives

From David Shane Holden <dpej...@yahoo.com>
Subject Re: [PATCH] mpm/winnt service permissions
Date Wed, 10 Jul 2002 00:27:38 GMT
Correct me if I'm wrong, but it sounds like you think this is for 
ApacheMonitor.  This is for the winnt mpm itself.
I thought your patch this morning was for the mpm just as I believe you 
think this is for the monitor.

Shane


William A. Rowe, Jr. wrote:

> At 01:40 PM 7/9/2002, you wrote:
>
>> This patch sets the calls to OpenSCManager and OpenService to use the 
>> minimum required privileges.
>
>
> Cool.  Could you cvs up to grab the latest version with Mladen's patch,
> compare your suggested changes to his latest changes for requested
> privileges, and provide an updated patch to discuss?
>
> Bill
>
>
>> Index: service.c
>> ===================================================================
>> RCS file: /home/cvspublic/httpd-2.0/server/mpm/winnt/service.c,v
>> retrieving revision 1.56
>> diff -u -3 -r1.56 service.c
>> --- service.c   2 Jul 2002 19:03:15 -0000       1.56
>> +++ service.c   9 Jul 2002 18:02:38 -0000
>> @@ -483,10 +483,10 @@
>>      if ((osver.dwPlatformId == VER_PLATFORM_WIN32_NT)
>>            && (osver.dwMajorVersion > 4)
>>            && (ChangeServiceConfig2)
>> -          && (schSCManager = OpenSCManager(NULL, NULL, 
>> SC_MANAGER_ALL_ACCESS)))
>> +          && (schSCManager = OpenSCManager(NULL, NULL, 
>> SC_MANAGER_CONNECT)))
>>      {
>>          SC_HANDLE schService = OpenService(schSCManager, 
>> mpm_service_name,
>> -                                               SERVICE_ALL_ACCESS);
>> +                                           SERVICE_CHANGE_CONFIG);
>>          if (schService) {
>>              /* Cast is necessary, ChangeServiceConfig2 handles multiple
>>               * object types, some volatile, some not.
>> @@ -854,10 +854,9 @@
>>      {
>>          SC_HANDLE   schService;
>>          SC_HANDLE   schSCManager;
>> -
>> -        // TODO: Determine the minimum permissions required for 
>> security
>> +
>>          schSCManager = OpenSCManager(NULL, NULL, /* local, default 
>> database */
>> -                                     SC_MANAGER_ALL_ACCESS);
>> +                                     SC_MANAGER_CREATE_SERVICE);
>>          if (!schSCManager) {
>>              rv = apr_get_os_error();
>>              ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, rv, 
>> NULL,
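
Review bot: SC_MANAGER_CREATE_SERVICE is requested on this OpenSCManager call before the code knows whether it is creating or reconfiguring. If the `if (reconfig)` branch in the next hunk runs on this same schSCManager, that path only opens an existing service and SC_MANAGER_CONNECT would be enough there. Suggest choosing the mask from reconfig, for example `reconfig ? SC_MANAGER_CONNECT : SC_MANAGER_CREATE_SERVICE`. The `-`/`+` pair on the blank line above the removed TODO is a whitespace-only change and should be dropped from the patch.
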
>> @@ -870,7 +869,7 @@
>>          if (reconfig) {
>>              /* ###: utf-ize */
>>              schService = OpenService(schSCManager, mpm_service_name,
>> -                                     SERVICE_ALL_ACCESS);
>> +                                     SERVICE_CHANGE_CONFIG);
>>              if (!schService) {
>>                  ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_ERR,
>>                               apr_get_os_error(), NULL,
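
Review bot: the context line `ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_ERR,` on this OpenService failure path ORs the same level twice, where the other calls visible in this patch pass `APLOG_ERR | APLOG_STARTUP`. This is the path that reports a failed SERVICE_CHANGE_CONFIG open, so it is worth correcting in the same change.
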
>> @@ -1008,9 +1007,8 @@
>>
>>          fprintf(stderr,"Removing the %s service\n", mpm_display_name);
>>
>> -        // TODO: Determine the minimum permissions required for 
>> security
>>          schSCManager = OpenSCManager(NULL, NULL, /* local, default 
>> database */
>> -                                     SC_MANAGER_ALL_ACCESS);
>> +                                     SC_MANAGER_CONNECT);
>>          if (!schSCManager) {
>>              rv = apr_get_os_error();
>>              ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, rv, 
>> NULL,
>> @@ -1019,7 +1017,7 @@
>>          }
>>
>>          /* ###: utf-ize */
>> -        schService = OpenService(schSCManager, mpm_service_name, 
>> SERVICE_ALL_ACCESS);
>> +        schService = OpenService(schSCManager, mpm_service_name, 
>> DELETE);
>>
>>          if (!schService) {
>>             rv = apr_get_os_error();
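
Review bot: DELETE on this OpenService call is sufficient only if the handle is passed to DeleteService and nothing else. The hunk does not show what follows; if the removal path also stops the service or queries its status through schService, those calls need SERVICE_STOP and SERVICE_QUERY_STATUS in the mask or they will fail with access denied. Please confirm which calls use this handle and record the reason for the mask in a comment, since the TODO in the previous hunk is removed without a replacement.
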
>> @@ -1123,9 +1121,8 @@
>>          SC_HANDLE   schService;
>>          SC_HANDLE   schSCManager;
>>
>> -        // TODO: Determine the minimum permissions required for 
>> security
>>          schSCManager = OpenSCManager(NULL, NULL, /* local, default 
>> database */
>> -                                     SC_MANAGER_ALL_ACCESS);
>> +                                     SC_MANAGER_CONNECT);
>>          if (!schSCManager) {
>>              rv = apr_get_os_error();
>>              ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, rv, 
>> NULL,
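
Review bot: only the OpenSCManager mask changes in this hunk, and the patch shows no OpenService change between here and the hunk at line 1265, so the service handle opened from this schSCManager is outside what can be reviewed. If that OpenService call still requests SERVICE_ALL_ACCESS, narrowing the manager handle to SC_MANAGER_CONNECT gains little; please check it and include it in the patch if so.
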
>> @@ -1265,7 +1262,7 @@
>>          SC_HANDLE   schSCManager;
>>
>>          schSCManager = OpenSCManager(NULL, NULL, // default machine 
>> & database
>> -                                     SC_MANAGER_ALL_ACCESS);
>> +                                     SC_MANAGER_CONNECT);
>>
>>          if (!schSCManager) {
>>              ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, 
>> apr_get_os_error(), NULL,
>> @@ -1275,7 +1272,8 @@
>>
>>          /* ###: utf-ize */
>>          schService = OpenService(schSCManager, mpm_service_name,
>> -                                 SERVICE_ALL_ACCESS);
>> +                                 SERVICE_INTERROGATE | 
>> SERVICE_QUERY_STATUS |
>> +                                 SERVICE_START | SERVICE_STOP);
>>
>>          if (schService == NULL) {
>>              /* Could not open the service */
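
Review bot: the new OpenService mask omits SERVICE_USER_DEFINED_CONTROL; if this handle is used to send a user-defined control code (values 128 to 255) through ControlService, that call will fail with access denied under this mask. Conversely, SERVICE_START should stay only if the code after this hunk actually calls StartService on schService. A short comment stating which call needs which right would make the mask checkable against the code.
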
>
>
>


