From 0651e1f65f640db2f8a791332d0b081386ce30fb Mon Sep 17 00:00:00 2001
From: midipix <writeonce@midipix.org>
Date: Jun 20 2020 16:50:09 +0000
Subject: utility: assign explicit process permissions.


---

diff --git a/src/toksvc.c b/src/toksvc.c
index d144208..5c5f2f1 100644
--- a/src/toksvc.c
+++ b/src/toksvc.c
@@ -49,6 +49,7 @@ static int32_t toksvc_start(char ** argv, char ** envp)
 	nt_port_attr			port_attr;
         nt_pty_client_info		client_info;
 	nt_iosb				iosb;
+	nt_sd_common_buffer		sd;
 
 	/* rtdata */
 	if ((status = ntapi->tt_get_runtime_data(&rtdata,0)))
@@ -59,6 +60,21 @@ static int32_t toksvc_start(char ** argv, char ** envp)
 		envp = rtdata->envp;
 	}
 
+	/* process sd */
+	ntapi->acl_init_common_descriptor(
+		&sd,0,0,0,0,
+		NT_PROCESS_ALL_ACCESS,0,
+		NT_PROCESS_SYNCHRONIZE | NT_SEC_READ_CONTROL,0,
+		NT_PROCESS_SYNCHRONIZE | NT_SEC_READ_CONTROL,
+		0);
+
+	if ((status = ntapi->zw_set_security_object(
+			NT_CURRENT_PROCESS_HANDLE,
+			NT_OWNER_SECURITY_INFORMATION
+				| NT_DACL_SECURITY_INFORMATION,
+			&sd.sd)))
+		return status;
+
 	/* early debug (optional) */
 	toksvc_dbg_init(argv);