diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2008-10-13 20:01:50 +0400 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2008-10-13 20:01:50 +0400 |
| commit | 5f9ca0d25add60f331f8a39ce308ffd99157f0b4 (patch) | |
| tree | c1d177ee909a07cfd67a08089b7f45c4718c9d2d | |
| parent | 423fd4f2f40540074f56cb8e6f24ac34ca82184c (diff) | |
* sec_acl.cc (setacl): Align standard owner and group permissions
with alloc_sd. Strip FILE_READ_ATTRIBUTES fromn setting
FILE_GENERIC_EXECUTE permissions same as in alloc_sd.
* security.cc (alloc_sd): Reformat expression. Strip EA permission
bits from owner_deny and group_deny computation.
| -rw-r--r-- | winsup/cygwin/ChangeLog | 8 | ||||
| -rw-r--r-- | winsup/cygwin/sec_acl.cc | 11 | ||||
| -rw-r--r-- | winsup/cygwin/security.cc | 10 |
3 files changed, 19 insertions, 10 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 02dc26644..0c3361fcf 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,11 @@ +2008-10-13 Corinna Vinschen <corinna@vinschen.de> + + * sec_acl.cc (setacl): Align standard owner and group permissions + with alloc_sd. Strip FILE_READ_ATTRIBUTES fromn setting + FILE_GENERIC_EXECUTE permissions same as in alloc_sd. + * security.cc (alloc_sd): Reformat expression. Strip EA permission + bits from owner_deny and group_deny computation. + 2008-10-09 Corinna Vinschen <corinna@vinschen.de> * fhandler_disk_file.cc (fhandler_base::fstat_helper): Check diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index efee4e6e8..2496ce0e5 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -104,18 +104,21 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, DWORD allow; /* Owner has more standard rights set. */ if ((aclbufp[i].a_type & ~ACL_DEFAULT) == USER_OBJ) - allow = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA; + allow = STANDARD_RIGHTS_ALL + | (pc.fs_is_samba () + ? 0 : (FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES)); else - allow = STANDARD_RIGHTS_READ | FILE_READ_ATTRIBUTES | FILE_READ_EA; + allow = STANDARD_RIGHTS_READ + | (pc.fs_is_samba () ? 0 : FILE_READ_ATTRIBUTES); if (aclbufp[i].a_perm & S_IROTH) allow |= FILE_GENERIC_READ; if (aclbufp[i].a_perm & S_IWOTH) { - allow |= STANDARD_RIGHTS_WRITE | FILE_GENERIC_WRITE; + allow |= FILE_GENERIC_WRITE; writable = true; } if (aclbufp[i].a_perm & S_IXOTH) - allow |= FILE_GENERIC_EXECUTE; + allow |= FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES; if ((aclbufp[i].a_perm & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH)) allow |= FILE_DELETE_CHILD; /* Set inherit property. */ diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 58c740e21..66dc93c98 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -479,8 +479,8 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, owner_allow |= FILE_DELETE_CHILD; /* Construct allow attribute for group. */ - DWORD group_allow = STANDARD_RIGHTS_READ | - (pc.fs_is_samba () ? 0 : FILE_READ_ATTRIBUTES); + DWORD group_allow = STANDARD_RIGHTS_READ + | (pc.fs_is_samba () ? 0 : FILE_READ_ATTRIBUTES); if (attribute & S_IRGRP) group_allow |= FILE_GENERIC_READ; if (attribute & S_IWGRP) @@ -526,12 +526,10 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, DWORD owner_deny = ~owner_allow & (group_allow | other_allow); owner_deny &= ~(STANDARD_RIGHTS_READ - | FILE_READ_ATTRIBUTES | FILE_READ_EA - | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA); + | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES); DWORD group_deny = ~group_allow & other_allow; - group_deny &= ~(STANDARD_RIGHTS_READ - | FILE_READ_ATTRIBUTES | FILE_READ_EA); + group_deny &= ~(STANDARD_RIGHTS_READ | FILE_READ_ATTRIBUTES); /* Set deny ACE for owner. */ if (owner_deny |