island: Remove FILE_SHARE_WRITE from windows permissions

Granting FILE_SHARE_WRITE on mongo_key.bin is unnecessary. Since mongo_key.bin is the only file that is created using _get_file_descriptor_for_new_secure_file_windows() at the moment, we won't grant FILE_SHARE_WRITE.
2021-06-21 13:43:20 -04:00 · 2021-06-21 13:43:20 -04:00 · 02ed22bab7
parent 2d18a68787
commit 02ed22bab7
1 changed files with 6 additions and 1 deletions
--- a/monkey/monkey_island/cc/server_utils/file_utils.py
+++ b/monkey/monkey_island/cc/server_utils/file_utils.py
@ -85,7 +85,12 @@ def _get_file_descriptor_for_new_secure_file_linux(path: str) -> int:
 def _get_file_descriptor_for_new_secure_file_windows(path: str) -> int:
    try:
        file_access = win32file.GENERIC_READ | win32file.GENERIC_WRITE
-        file_sharing = win32file.FILE_SHARE_READ | win32file.FILE_SHARE_WRITE
+
+        # Enables other processes to open this file with read-only access.
+        # Attempts by other processes to open the file for writing while this
+        # process still holds it open will fail.
+        file_sharing = win32file.FILE_SHARE_READ
+
        security_attributes = win32security.SECURITY_ATTRIBUTES()
        security_attributes.SECURITY_DESCRIPTOR = (
            windows_permissions.get_security_descriptor_for_owner_only_perms()