syscall: restrict access rights param of OpenProcess() to the minimum needed

Fixes #1270.

R=vcc, rsc
CC=golang-dev
https://golang.org/cl/3299041

diff --git a/src/pkg/syscall/syscall_windows.go b/src/pkg/syscall/syscall_windows.go
index 2811a984296717d4de7faac3bffaf08321f802d6..5d045862cae9537b1dc37f07de375e086330c672 100644 (file)
--- a/src/pkg/syscall/syscall_windows.go
+++ b/src/pkg/syscall/syscall_windows.go
@@ -729,7 +729,8 @@ type WaitStatus struct {
 }
 
 func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, errno int) {
-       handle, errno := OpenProcess(PROCESS_ALL_ACCESS, 0, uint32(pid))
+       const da = STANDARD_RIGHTS_READ | PROCESS_QUERY_INFORMATION | SYNCHRONIZE
+       handle, errno := OpenProcess(da, 0, uint32(pid))
        if errno != 0 {
                return 0, errno
        }

diff --git a/src/pkg/syscall/ztypes_windows_386.go b/src/pkg/syscall/ztypes_windows_386.go
index a874d9fc7a89f385c55497b50ff427e1c0da430a..e67165f2324ad76585eb2f2e065e6aa26a62d102 100644 (file)
--- a/src/pkg/syscall/ztypes_windows_386.go
+++ b/src/pkg/syscall/ztypes_windows_386.go
@@ -112,6 +112,10 @@ const (
        WAIT_FAILED    = 0xFFFFFFFF
 
        CREATE_UNICODE_ENVIRONMENT = 0x00000400
+
+       STANDARD_RIGHTS_READ      = 0x00020000
+       PROCESS_QUERY_INFORMATION = 0x00000400
+       SYNCHRONIZE               = 0x00100000
 )
 
 const (
@@ -478,10 +482,3 @@ type DNSRecord struct {
        Reserved uint32
        Data     [40]byte
 }
-
-const (
-       HANDLE_FLAG_INHERIT            = 0x00000001
-       HANDLE_FLAG_PROTECT_FROM_CLOSE = 0x00000002
-
-       PROCESS_ALL_ACCESS = 0x001fffff
-)