diff options
| author | William A. Rowe Jr <wrowe@apache.org> | 2002-07-10 04:37:33 +0200 |
|---|---|---|
| committer | William A. Rowe Jr <wrowe@apache.org> | 2002-07-10 04:37:33 +0200 |
| commit | ade3b1b4bbb5eb91302b53800d2d7ecb9971d116 (patch) | |
| tree | 3c5e3eff01a399742f47990859168fb872efa3da /server | |
| parent | spell check a comment (diff) | |
| download | apache2-ade3b1b4bbb5eb91302b53800d2d7ecb9971d116.tar.xz apache2-ade3b1b4bbb5eb91302b53800d2d7ecb9971d116.zip | |
Narrow service manager access to what is actually needed to perform
the given operations.
Submitted by: David Shane Holden <dpejesh@yahoo.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95992 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server')
| -rw-r--r-- | server/mpm/winnt/service.c | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/server/mpm/winnt/service.c b/server/mpm/winnt/service.c index b0de8fc50c..545cd26ed7 100644 --- a/server/mpm/winnt/service.c +++ b/server/mpm/winnt/service.c @@ -483,10 +483,10 @@ static void set_service_description(void) if ((osver.dwPlatformId == VER_PLATFORM_WIN32_NT) && (osver.dwMajorVersion > 4) && (ChangeServiceConfig2) - && (schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS))) + && (schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT))) { SC_HANDLE schService = OpenService(schSCManager, mpm_service_name, - SERVICE_ALL_ACCESS); + SERVICE_CHANGE_CONFIG); if (schService) { /* Cast is necessary, ChangeServiceConfig2 handles multiple * object types, some volatile, some not. @@ -854,10 +854,9 @@ apr_status_t mpm_service_install(apr_pool_t *ptemp, int argc, { SC_HANDLE schService; SC_HANDLE schSCManager; - - // TODO: Determine the minimum permissions required for security + schSCManager = OpenSCManager(NULL, NULL, /* local, default database */ - SC_MANAGER_ALL_ACCESS); + SC_MANAGER_CREATE_SERVICE); if (!schSCManager) { rv = apr_get_os_error(); ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, rv, NULL, @@ -870,7 +869,7 @@ apr_status_t mpm_service_install(apr_pool_t *ptemp, int argc, if (reconfig) { /* ###: utf-ize */ schService = OpenService(schSCManager, mpm_service_name, - SERVICE_ALL_ACCESS); + SERVICE_CHANGE_CONFIG); if (!schService) { ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_ERR, apr_get_os_error(), NULL, @@ -1008,9 +1007,8 @@ apr_status_t mpm_service_uninstall(void) fprintf(stderr,"Removing the %s service\n", mpm_display_name); - // TODO: Determine the minimum permissions required for security schSCManager = OpenSCManager(NULL, NULL, /* local, default database */ - SC_MANAGER_ALL_ACCESS); + SC_MANAGER_CONNECT); if (!schSCManager) { rv = apr_get_os_error(); ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, rv, NULL, @@ -1019,7 +1017,7 @@ apr_status_t mpm_service_uninstall(void) } /* ###: utf-ize */ - schService = OpenService(schSCManager, mpm_service_name, SERVICE_ALL_ACCESS); + schService = OpenService(schSCManager, mpm_service_name, DELETE); if (!schService) { rv = apr_get_os_error(); @@ -1123,9 +1121,8 @@ apr_status_t mpm_service_start(apr_pool_t *ptemp, int argc, SC_HANDLE schService; SC_HANDLE schSCManager; - // TODO: Determine the minimum permissions required for security schSCManager = OpenSCManager(NULL, NULL, /* local, default database */ - SC_MANAGER_ALL_ACCESS); + SC_MANAGER_CONNECT); if (!schSCManager) { rv = apr_get_os_error(); ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, rv, NULL, @@ -1265,7 +1262,7 @@ void mpm_signal_service(apr_pool_t *ptemp, int signal) SC_HANDLE schSCManager; schSCManager = OpenSCManager(NULL, NULL, // default machine & database - SC_MANAGER_ALL_ACCESS); + SC_MANAGER_CONNECT); if (!schSCManager) { ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, apr_get_os_error(), NULL, @@ -1275,7 +1272,8 @@ void mpm_signal_service(apr_pool_t *ptemp, int signal) /* ###: utf-ize */ schService = OpenService(schSCManager, mpm_service_name, - SERVICE_ALL_ACCESS); + SERVICE_INTERROGATE | SERVICE_QUERY_STATUS | + SERVICE_START | SERVICE_STOP); if (schService == NULL) { /* Could not open the service */ |