(Windows) use PROCESS_QUERY_LIMITED_INFORMATION access rights (#1376)

#1376 / Windows / OpenProcess - use PROCESS_QUERY_LIMITED_INFORMATION wherever possible. This results in less AccessDenied exceptions being thrown for system processes.
giampaolo · Dec 8, 2018 · 0cc8d7b · 0cc8d7b
1 parent 10f780b
commit 0cc8d7b
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 36 deletions.
diff --git a/psutil/_psutil_windows.c b/psutil/_psutil_windows.c
@@ -492,7 +492,8 @@ psutil_proc_cpu_times(PyObject *self, PyObject *args) {
     if (! PyArg_ParseTuple(args, "l", &pid))
         return NULL;
 
-    hProcess = psutil_handle_from_pid(pid);
+    hProcess = psutil_handle_from_pid(pid, PROCESS_QUERY_LIMITED_INFORMATION);
+
     if (hProcess == NULL)
         return NULL;
     if (! GetProcessTimes(hProcess, &ftCreate, &ftExit, &ftKernel, &ftUser)) {
@@ -546,7 +547,7 @@ psutil_proc_create_time(PyObject *self, PyObject *args) {
     if (0 == pid || 4 == pid)
         return psutil_boot_time(NULL, NULL);
 
-    hProcess = psutil_handle_from_pid(pid);
+    hProcess = psutil_handle_from_pid(pid, PROCESS_QUERY_LIMITED_INFORMATION);
     if (hProcess == NULL)
         return NULL;
     if (! GetProcessTimes(hProcess, &ftCreate, &ftExit, &ftKernel, &ftUser)) {
@@ -756,7 +757,7 @@ psutil_proc_exe(PyObject *self, PyObject *args) {
 
     if (! PyArg_ParseTuple(args, "l", &pid))
         return NULL;
-    hProcess = psutil_handle_from_pid_waccess(pid, PROCESS_QUERY_INFORMATION);
+    hProcess = psutil_handle_from_pid(pid, PROCESS_QUERY_LIMITED_INFORMATION);
     if (NULL == hProcess)
         return NULL;
     if (GetProcessImageFileNameW(hProcess, exe, MAX_PATH) == 0) {
@@ -824,7 +825,7 @@ psutil_proc_memory_info(PyObject *self, PyObject *args) {
     if (! PyArg_ParseTuple(args, "l", &pid))
         return NULL;
 
-    hProcess = psutil_handle_from_pid(pid);
+    hProcess = psutil_handle_from_pid(pid, PROCESS_QUERY_LIMITED_INFORMATION);
     if (NULL == hProcess)
         return NULL;
 
@@ -892,6 +893,8 @@ psutil_proc_memory_uss(PyObject *self, PyObject *args)
     size_t private_pages;
     size_t i;
     DWORD info_array_size;
+    // needed by QueryWorkingSet
+    DWORD access = PROCESS_QUERY_INFORMATION | PROCESS_VM_READ;
     PSAPI_WORKING_SET_INFORMATION* info_array;
     SYSTEM_INFO system_info;
     PyObject* py_result = NULL;
@@ -900,7 +903,8 @@ psutil_proc_memory_uss(PyObject *self, PyObject *args)
     if (! PyArg_ParseTuple(args, "l", &pid))
         return NULL;
 
-    proc = psutil_handle_from_pid(pid);
+
+    proc = psutil_handle_from_pid(pid, access);
     if (proc == NULL)
         return NULL;
 
@@ -1350,7 +1354,7 @@ psutil_proc_open_files(PyObject *self, PyObject *args) {
     if (! PyArg_ParseTuple(args, "l", &pid))
         return NULL;
 
-    processHandle = psutil_handle_from_pid_waccess(pid, access);
+    processHandle = psutil_handle_from_pid(pid, access);
     if (processHandle == NULL)
         return NULL;
     py_retlist = psutil_get_open_files(pid, processHandle);
@@ -1412,8 +1416,7 @@ psutil_proc_username(PyObject *self, PyObject *args) {
     if (! PyArg_ParseTuple(args, "l", &pid))
         return NULL;
 
-    processHandle = psutil_handle_from_pid_waccess(
-        pid, PROCESS_QUERY_INFORMATION);
+    processHandle = psutil_handle_from_pid(pid, PROCESS_QUERY_INFORMATION);
     if (processHandle == NULL)
         return NULL;
 
@@ -2055,7 +2058,7 @@ psutil_proc_priority_get(PyObject *self, PyObject *args) {
 
     if (! PyArg_ParseTuple(args, "l", &pid))
         return NULL;
-    hProcess = psutil_handle_from_pid(pid);
+    hProcess = psutil_handle_from_pid(pid, PROCESS_QUERY_LIMITED_INFORMATION);
     if (hProcess == NULL)
         return NULL;
     priority = GetPriorityClass(hProcess);
@@ -2079,7 +2082,7 @@ psutil_proc_priority_set(PyObject *self, PyObject *args) {
 
     if (! PyArg_ParseTuple(args, "li", &pid, &priority))
         return NULL;
-    hProcess = psutil_handle_from_pid_waccess(pid, access);
+    hProcess = psutil_handle_from_pid(pid, access);
     if (hProcess == NULL)
         return NULL;
     retval = SetPriorityClass(hProcess, priority);
@@ -2106,7 +2109,7 @@ psutil_proc_io_priority_get(PyObject *self, PyObject *args) {
 
     if (! PyArg_ParseTuple(args, "l", &pid))
         return NULL;
-    hProcess = psutil_handle_from_pid(pid);
+    hProcess = psutil_handle_from_pid(pid, PROCESS_QUERY_LIMITED_INFORMATION);
     if (hProcess == NULL)
         return NULL;
 
@@ -2130,7 +2133,7 @@ psutil_proc_io_priority_set(PyObject *self, PyObject *args) {
     long pid;
     DWORD prio;
     HANDLE hProcess;
-    DWORD dwDesiredAccess = PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION;
+    DWORD access = PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION;
 
     _NtSetInformationProcess NtSetInformationProcess =
         (_NtSetInformationProcess)GetProcAddress(
@@ -2144,7 +2147,7 @@ psutil_proc_io_priority_set(PyObject *self, PyObject *args) {
 
     if (! PyArg_ParseTuple(args, "li", &pid, &prio))
         return NULL;
-    hProcess = psutil_handle_from_pid_waccess(pid, dwDesiredAccess);
+    hProcess = psutil_handle_from_pid(pid, access);
     if (hProcess == NULL)
         return NULL;
 
@@ -2172,7 +2175,7 @@ psutil_proc_io_counters(PyObject *self, PyObject *args) {
 
     if (! PyArg_ParseTuple(args, "l", &pid))
         return NULL;
-    hProcess = psutil_handle_from_pid(pid);
+    hProcess = psutil_handle_from_pid(pid, PROCESS_QUERY_LIMITED_INFORMATION);
     if (NULL == hProcess)
         return NULL;
     if (! GetProcessIoCounters(hProcess, &IoCounters)) {
@@ -2202,7 +2205,7 @@ psutil_proc_cpu_affinity_get(PyObject *self, PyObject *args) {
 
     if (! PyArg_ParseTuple(args, "l", &pid))
         return NULL;
-    hProcess = psutil_handle_from_pid(pid);
+    hProcess = psutil_handle_from_pid(pid, PROCESS_QUERY_LIMITED_INFORMATION);
     if (hProcess == NULL) {
         return NULL;
     }
@@ -2227,8 +2230,7 @@ static PyObject *
 psutil_proc_cpu_affinity_set(PyObject *self, PyObject *args) {
     DWORD pid;
     HANDLE hProcess;
-    DWORD dwDesiredAccess = \
-        PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION;
+    DWORD access = PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION;
     DWORD_PTR mask;
 
 #ifdef _WIN64
@@ -2239,7 +2241,7 @@ psutil_proc_cpu_affinity_set(PyObject *self, PyObject *args) {
     {
         return NULL;
     }
-    hProcess = psutil_handle_from_pid_waccess(pid, dwDesiredAccess);
+    hProcess = psutil_handle_from_pid(pid, access);
     if (hProcess == NULL)
         return NULL;
 
@@ -2877,7 +2879,7 @@ psutil_proc_num_handles(PyObject *self, PyObject *args) {
 
     if (! PyArg_ParseTuple(args, "l", &pid))
         return NULL;
-    hProcess = psutil_handle_from_pid(pid);
+    hProcess = psutil_handle_from_pid(pid, PROCESS_QUERY_LIMITED_INFORMATION);
     if (NULL == hProcess)
         return NULL;
     if (! GetProcessHandleCount(hProcess, &handleCount)) {
@@ -3025,6 +3027,8 @@ psutil_proc_memory_maps(PyObject *self, PyObject *args) {
     WCHAR mappedFileName[MAX_PATH];
     SYSTEM_INFO system_info;
     LPVOID maxAddr;
+    // required by GetMappedFileNameW
+    DWORD access = PROCESS_QUERY_INFORMATION | PROCESS_VM_READ;
     PyObject *py_retlist = PyList_New(0);
     PyObject *py_tuple = NULL;
     PyObject *py_str = NULL;
@@ -3033,7 +3037,7 @@ psutil_proc_memory_maps(PyObject *self, PyObject *args) {
         return NULL;
     if (! PyArg_ParseTuple(args, "l", &pid))
         goto error;
-    hProcess = psutil_handle_from_pid(pid);
+    hProcess = psutil_handle_from_pid(pid, access);
     if (NULL == hProcess)
         goto error;
 

diff --git a/psutil/arch/windows/process_info.c b/psutil/arch/windows/process_info.c
@@ -272,7 +272,7 @@ psutil_check_phandle(HANDLE hProcess, DWORD pid) {
  * Return a process handle or NULL.
  */
 HANDLE
-psutil_handle_from_pid_waccess(DWORD pid, DWORD dwDesiredAccess) {
+psutil_handle_from_pid(DWORD pid, DWORD dwDesiredAccess) {
     HANDLE hProcess;
 
     if (pid == 0) {
@@ -285,18 +285,6 @@ psutil_handle_from_pid_waccess(DWORD pid, DWORD dwDesiredAccess) {
 }
 
 
-/*
- * Same as psutil_handle_from_pid_waccess but implicitly uses
- * PROCESS_QUERY_INFORMATION | PROCESS_VM_READ as dwDesiredAccess
- * parameter for OpenProcess.
- */
-HANDLE
-psutil_handle_from_pid(DWORD pid) {
-    DWORD dwDesiredAccess = PROCESS_QUERY_INFORMATION | PROCESS_VM_READ;
-    return psutil_handle_from_pid_waccess(pid, dwDesiredAccess);
-}
-
-
 DWORD *
 psutil_get_pids(DWORD *numberOfReturnedPIDs) {
     // Win32 SDK says the only way to know if our process array
@@ -553,8 +541,9 @@ static int psutil_get_process_data(long pid,
     BOOL weAreWow64;
     BOOL theyAreWow64;
 #endif
+    DWORD access = PROCESS_QUERY_INFORMATION | PROCESS_VM_READ;
 
-    hProcess = psutil_handle_from_pid(pid);
+    hProcess = psutil_handle_from_pid(pid, access);
     if (hProcess == NULL)
         return -1;
 

diff --git a/psutil/arch/windows/process_info.h b/psutil/arch/windows/process_info.h
@@ -17,8 +17,7 @@
 
 
 DWORD* psutil_get_pids(DWORD *numberOfReturnedPIDs);
-HANDLE psutil_handle_from_pid(DWORD pid);
-HANDLE psutil_handle_from_pid_waccess(DWORD pid, DWORD dwDesiredAccess);
+HANDLE psutil_handle_from_pid(DWORD pid, DWORD dwDesiredAccess);
 int psutil_pid_is_running(DWORD pid);
 int psutil_get_proc_info(DWORD pid, PSYSTEM_PROCESS_INFORMATION *retProcess,
                          PVOID *retBuffer);