From ea1d2d4fe32ccc02553d58e034d2aa4f15aeb1ad Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Thu, 2 May 2019 17:46:22 +0200
Subject: service: lock OS thread before making inheritable handles

---
 service/service_manager.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/service/service_manager.go b/service/service_manager.go
index 25729aed..9d60b57c 100644
--- a/service/service_manager.go
+++ b/service/service_manager.go
@@ -12,6 +12,7 @@ import (
 	"golang.zx2c4.com/wireguard/windows/ringlogger"
 	"log"
 	"os"
+	"runtime"
 	"runtime/debug"
 	"sync"
 	"syscall"
@@ -172,6 +173,7 @@ func (service *managerService) Execute(args []string, r <-chan svc.ChangeRequest
 	stoppingManager := false
 
 	startProcess = func(session uint32) {
+		defer runtime.UnlockOSThread()
 		for {
 			if stoppingManager {
 				return
@@ -216,6 +218,10 @@ func (service *managerService) Execute(args []string, r <-chan svc.ChangeRequest
 				return
 			}
 
+			//TODO: we lock the OS thread so that these inheritable handles don't escape into other processes that
+			// might be running in parallel Go routines. But the Go runtime is strange and who knows what's really
+			// happening with these or what is inherited. We need to do some analysis to be certain of what's going on.
+			runtime.LockOSThread()
 			ourReader, theirReader, theirReaderStr, ourWriter, theirWriter, theirWriterStr, err := inheritableSocketpairEmulation()
 			if err != nil {
 				log.Printf("Unable to create two inheritable pipes: %v", err)
@@ -253,6 +259,7 @@ func (service *managerService) Execute(args []string, r <-chan svc.ChangeRequest
 			theirReader.Close()
 			theirWriter.Close()
 			theirEvents.Close()
+			runtime.UnlockOSThread()
 			if err != nil {
 				log.Printf("Unable to start manager UI process: %v", err)
 				return
-- 
cgit v1.2.3-59-g8ed1b