From 02ed22bab77e57c342dacba2dc473e43d624fb90 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Mon, 21 Jun 2021 13:43:20 -0400
Subject: [PATCH] island: Remove FILE_SHARE_WRITE from windows permissions

Granting FILE_SHARE_WRITE on mongo_key.bin is unnecessary. Since mongo_key.bin is the only file that is created using _get_file_descriptor_for_new_secure_file_windows() at the moment, we won't grant FILE_SHARE_WRITE.
---
 monkey/monkey_island/cc/server_utils/file_utils.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/monkey/monkey_island/cc/server_utils/file_utils.py b/monkey/monkey_island/cc/server_utils/file_utils.py
index 7c4ab59fb..e429eb464 100644
--- a/monkey/monkey_island/cc/server_utils/file_utils.py
+++ b/monkey/monkey_island/cc/server_utils/file_utils.py
@@ -85,7 +85,12 @@ def _get_file_descriptor_for_new_secure_file_linux(path: str) -> int:
 def _get_file_descriptor_for_new_secure_file_windows(path: str) -> int:
 try:
 file_access = win32file.GENERIC_READ | win32file.GENERIC_WRITE
- file_sharing = win32file.FILE_SHARE_READ | win32file.FILE_SHARE_WRITE
+
+ # Enables other processes to open this file with read-only access.
+ # Attempts by other processes to open the file for writing while this
+ # process still holds it open will fail.
+ file_sharing = win32file.FILE_SHARE_READ
+
 security_attributes = win32security.SECURITY_ATTRIBUTES()
 security_attributes.SECURITY_DESCRIPTOR = (
 windows_permissions.get_security_descriptor_for_owner_only_perms()
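Review bot: The new comment above `file_sharing` explains the share-mode semantics but does not say that the share mode is only a concurrency rule while this handle is open; what keeps other accounts away from the key is the owner-only security descriptor assigned a few lines later, and a reader could mistake `FILE_SHARE_READ` for the access control. I would extend the comment with `# The share mode only applies while this handle is open; who may open the file at all is decided by the owner-only security descriptor below.` The reason write sharing is dropped (mongo_key.bin is currently the only file created this way) lives only in the commit message, so a later caller of this generically named helper will not see it; a one-line docstring stating that callers get read-only sharing would carry it. If nothing has to read the file while it is still being written, it may also be worth checking whether `FILE_SHARE_READ` is needed here at all. The function body continues past the end of the hunk.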