syscall: expose bInheritHandles of CreateProcess

Certain use cases require this parameter to be false. This includes
spawning a child process in a different windows session than session 0.

Docs regarding the behavior of this parameter to CreateProcess:
https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa

Fixes #42098

Change-Id: If998f57d6f2962824aacbee75e1b508b255ab293
GitHub-Last-Rev: 584eb13e36a3ef7e0cd959295e92fb129f21d1f8
GitHub-Pull-Request: golang/go#41957
Reviewed-on: https://go-review.googlesource.com/c/go/+/261917
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Trust: Alex Brainman <alex.brainman@gmail.com>

diff --git a/doc/go1.16.html b/doc/go1.16.html
index 5d2930788612f08057246560fd47df1eb3f1aca3..5ae85e6c293bccb2a0cfcb300053a6df1437706e 100644 (file)
--- a/doc/go1.16.html
+++ b/doc/go1.16.html
@@ -378,6 +378,14 @@ Do not send CLs removing the interior tags from such phrases.
   </dd>
 </dl><!-- runtime/debug -->
 
+<dl id="syscall"><dt><a href="/pkg/syscall/">syscall</a></dt>
+  <dd>
+    <p><!-- CL 261917 -->
+      <a href="/pkg/syscall/#SysProcAttr"><code>SysProcAttr</code></a> on Windows has a new NoInheritHandles field that disables inheriting handles when creating a new process.
+    </p>
+  </dd>
+</dl><!-- syscall -->
+
 <dl id="strconv"><dt><a href="/pkg/strconv/">strconv</a></dt>
   <dd>
     <p><!-- CL 260858 -->

diff --git a/src/syscall/exec_windows.go b/src/syscall/exec_windows.go
index 4a1d74ba3f3721e89e81722a6c8aa49943ea338a..46cbd7567dd5607f3fc853267de7cfcbd71747b0 100644 (file)
--- a/src/syscall/exec_windows.go
+++ b/src/syscall/exec_windows.go
@@ -241,6 +241,7 @@ type SysProcAttr struct {
        Token             Token               // if set, runs new process in the security context represented by the token
        ProcessAttributes *SecurityAttributes // if set, applies these security attributes as the descriptor for the new process
        ThreadAttributes  *SecurityAttributes // if set, applies these security attributes as the descriptor for the main thread of the new process
+       NoInheritHandles  bool                // if set, each inheritable handle in the calling process is not inherited by the new process
 }
 
 var zeroProcAttr ProcAttr
@@ -341,9 +342,9 @@ func StartProcess(argv0 string, argv []string, attr *ProcAttr) (pid int, handle
 
        flags := sys.CreationFlags | CREATE_UNICODE_ENVIRONMENT
        if sys.Token != 0 {
-               err = CreateProcessAsUser(sys.Token, argv0p, argvp, sys.ProcessAttributes, sys.ThreadAttributes, true, flags, createEnvBlock(attr.Env), dirp, si, pi)
+               err = CreateProcessAsUser(sys.Token, argv0p, argvp, sys.ProcessAttributes, sys.ThreadAttributes, !sys.NoInheritHandles, flags, createEnvBlock(attr.Env), dirp, si, pi)
        } else {
-               err = CreateProcess(argv0p, argvp, sys.ProcessAttributes, sys.ThreadAttributes, true, flags, createEnvBlock(attr.Env), dirp, si, pi)
+               err = CreateProcess(argv0p, argvp, sys.ProcessAttributes, sys.ThreadAttributes, !sys.NoInheritHandles, flags, createEnvBlock(attr.Env), dirp, si, pi)
        }
        if err != nil {
                return 0, 0, err