sysv msgqueue: open ipc directory with minimally required access.

author: midipix <writeonce@midipix.org> 2018-03-20 00:02:10 +0000
committer: midipix <writeonce@midipix.org> 2018-03-20 23:27:58 -0400
commit: 9a95bf181c3cd3fec22c24a6d99129a2fa01bcaa (patch)
tree: 010bb306c9310df0d9537dfffc9750fe4e769e48
parent: 6e02dba98205b62015ad6f579e33b4048626fe09 (diff)
download: ntapi-9a95bf181c3cd3fec22c24a6d99129a2fa01bcaa.tar.bz2
ntapi-9a95bf181c3cd3fec22c24a6d99129a2fa01bcaa.tar.xz
1 files changed, 6 insertions, 2 deletions
diff --git a/src/msq/ntapi_msq_connect.c b/src/msq/ntapi_msq_connect.c
index 301adfa..b93fb94 100644
--- a/src/msq/ntapi_msq_connect.c
+++ b/src/msq/ntapi_msq_connect.c
@@ -103,7 +103,11 @@ static int32_t __msqpid_symlink_set(
 	if (!rtdata->hmsqpiddir) {
 		if ((status = __ntapi->tt_open_ipc_object_directory(
 				&hpiddir,
-				NT_DIRECTORY_ALL_ACCESS,
+				NT_SEC_READ_CONTROL
+					| NT_DIRECTORY_QUERY
+					| NT_DIRECTORY_TRAVERSE
+					| NT_DIRECTORY_CREATE_OBJECT
+					| NT_DIRECTORY_CREATE_SUBDIRECTORY,
 				p_msqpid,&g_msqpid)))
 			return status;
 
@@ -294,7 +298,7 @@ int32_t	__stdcall __ntapi_msq_open(
 
 	status = __ntapi->zw_open_symbolic_link_object(
 		&hsymlink,
-		NT_SEC_STANDARD_RIGHTS_READ | NT_GENERIC_READ,
+		NT_SYMBOLIC_LINK_QUERY,
 		&ipcoa);
 
 	switch (status) {
author	midipix <writeonce@midipix.org>	2018-03-20 00:02:10 +0000
committer	midipix <writeonce@midipix.org>	2018-03-20 23:27:58 -0400
commit	9a95bf181c3cd3fec22c24a6d99129a2fa01bcaa (patch)
tree	010bb306c9310df0d9537dfffc9750fe4e769e48
parent	6e02dba98205b62015ad6f579e33b4048626fe09 (diff)
download	ntapi-9a95bf181c3cd3fec22c24a6d99129a2fa01bcaa.tar.bz2 ntapi-9a95bf181c3cd3fec22c24a6d99129a2fa01bcaa.tar.xz