launcher: security model improvements

2025-04-22 16:33:02 -05:00 · 2016-05-12 14:18:08 -07:00 · 2016-05-12 14:18:08 -07:00 · 724d177d0b
commit 724d177d0b
parent 6971f4d6ae
2 changed files with 28 additions and 10 deletions
--- a/src/launcher/launcher.c
+++ b/src/launcher/launcher.c
@ -161,9 +161,10 @@ NTSTATUS SvcInstanceCreate(HANDLE ClientToken,
 {
    SVC_INSTANCE *SvcInstance = 0;
    HKEY RegKey = 0;
-    DWORD RegResult, RegSize, SecurityLen;
+    DWORD RegResult, RegSize;
    DWORD ClassNameSize, InstanceNameSize;
-    WCHAR Executable[MAX_PATH], CommandLine[512], Security[512] = L"O:SYG:SY";
+    WCHAR Executable[MAX_PATH], CommandLine[512], SecurityBuf[512] = L"O:SYG:SY";
+    PWSTR Security;
    PSECURITY_DESCRIPTOR SecurityDescriptor;
    STARTUPINFOW StartupInfo;
    PROCESS_INFORMATION ProcessInfo;
@ -206,10 +207,10 @@ NTSTATUS SvcInstanceCreate(HANDLE ClientToken,
        goto exit;
    }

-    SecurityLen = lstrlenW(Security);
-    RegSize = sizeof Security - SecurityLen * sizeof(WCHAR);
+    Security = SecurityBuf + lstrlenW(SecurityBuf);
+    RegSize = (DWORD)(sizeof SecurityBuf - (Security - SecurityBuf) * sizeof(WCHAR));
    RegResult = RegGetValueW(RegKey, ClassName, L"Security", RRF_RT_REG_SZ, 0,
-        Security + SecurityLen, &RegSize);
+        Security, &RegSize);
    if (ERROR_SUCCESS != RegResult && ERROR_FILE_NOT_FOUND != RegResult)
    {
        Result = FspNtStatusFromWin32(RegResult);
@ -220,7 +221,12 @@ NTSTATUS SvcInstanceCreate(HANDLE ClientToken,
    RegKey = 0;

    if (L'\0' == Security)
+    {
+        Security = SecurityBuf;
        lstrcpyW(Security, L"" SVC_INSTANCE_DEFAULT_SDDL);
+    }
+    else if (L'D' == Security[0] && L':' == Security[1])
+        Security = SecurityBuf;

    if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(Security, SDDL_REVISION_1,
        &SecurityDescriptor, 0))
--- a/src/launcher/launcher.h
+++ b/src/launcher/launcher.h
@ -26,14 +26,26 @@
 #define PIPE_BUFFER_SIZE                2048
 #define PIPE_DEFAULT_TIMEOUT            3000

-#define SVC_INSTANCE_DEFAULT_SDDL       "O:SYG:SYD:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GR;;;WD)"
+/* RP:SERVICE_START, WP:SERVICE_STOP, SC:SERVICE_QUERY_STATUS */
+/*
+ * The default service instance SDDL gives full access to LocalSystem and Administrators.
+ * The only possible service instance rights are as follows:
+ *     RP   SERVICE_START
+ *     WP   SERVICE_STOP
+ *     SC   SERVICE_QUERY_STATUS
+ *
+ * To create a service that can be started, stopped or queried by everyone, you can set
+ * the following SDDL:
+ *     D:P(A;;RPWPSC;;;WD)
+ */
+#define SVC_INSTANCE_DEFAULT_SDDL       "O:SYG:SYD:P(A;;RPWPSC;;;SY)(A;;RPWPSC;;;BA)"

 enum
 {
-    LauncherSvcInstanceStart            = 'S',
-    LauncherSvcInstanceStop             = 'T',
-    LauncherSvcInstanceList             = 'L',
-    LauncherSvcInstanceInfo             = 'I',
+    LauncherSvcInstanceStart            = 'S',  /* requires: SERVICE_START */
+    LauncherSvcInstanceStop             = 'T',  /* requires: SERVICE_STOP */
+    LauncherSvcInstanceList             = 'L',  /* requires: none*/
+    LauncherSvcInstanceInfo             = 'I',  /* requires: SERVICE_QUERY_STATUS */
 };

 #endif