diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2009-11-03 12:31:45 +0300 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2009-11-03 12:31:45 +0300 |
| commit | 18f7c504018b80177b417789fc239d3837b95cd5 (patch) | |
| tree | d1de5004ddeb1a876c58764ef61fca30685550d4 /winsup/cygwin/security.cc | |
| parent | 1bb3825949d4fc475b460fa93af703c6f3a226cc (diff) | |
* security.cc (alloc_sd): Re-introduce setting the SE_DACL_PROTECTED
flag. Remove INHERITED_ACE flag from all inherited ACEs. Add comment.
Fix ace_off counter in unrelated ACE loop.
* wincap.cc: Re-add has_dacl_protect throughout.
* wincap.h: Ditto.
Diffstat (limited to 'winsup/cygwin/security.cc')
| -rw-r--r-- | winsup/cygwin/security.cc | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index f43b8affa..a8a251297 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -434,6 +434,11 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, return NULL; } + /* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being + * modified by inheritable ACEs. This flag is available since Win2K. */ + if (wincap.has_dacl_protect ()) + sd.Control |= SE_DACL_PROTECTED; + /* Create owner for local security descriptor. */ if (!SetSecurityDescriptorOwner (&sd, owner_sid, FALSE)) { @@ -591,27 +596,36 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, else continue; } - else if ((attribute & S_JUSTCREATED) - && !(ace->Header.AceFlags & INHERITED_ACE)) - /* Since files and dirs are created with a NULL descriptor, - inheritence rules kick in. However, if no inheritable entries - exist in the parent object, Windows will create entries from the - user token's default DACL in the file DACL. These entries are - not desired and we drop them silently here. */ - continue; + else if (attribute & S_JUSTCREATED) + { + /* Since files and dirs are created with a NULL descriptor, + inheritence rules kick in. If no inheritable entries exist + in the parent object, Windows will create entries from the + user token's default DACL in the file DACL. These entries + are not desired and we drop them silently. */ + if (!(ace->Header.AceFlags & INHERITED_ACE)) + continue; + /* Remove the INHERITED_ACE flag since on POSIX systems + inheritance is settled when the file has been created. + This also avoids error messages in Windows Explorer when + opening a file's security tab. Explorer complains if + inheritable ACEs are preceding non-inheritable ACEs. */ + ace->Header.AceFlags &= ~INHERITED_ACE; + } /* * Add unrelated ACCESS_DENIED_ACE to the beginning but * behind the owner_deny, ACCESS_ALLOWED_ACE to the end. * FIXME: this would break the order of the inherit-only ACEs */ if (!AddAce (acl, ACL_REVISION, - ace->Header.AceType == ACCESS_DENIED_ACE_TYPE? - (owner_deny ? 1 : 0) : MAXDWORD, + ace->Header.AceType == ACCESS_DENIED_ACE_TYPE + ? (owner_deny ? 1 : 0) : MAXDWORD, (LPVOID) ace, ace->Header.AceSize)) { __seterrno (); return NULL; } + ace_off++; acl_len += ace->Header.AceSize; } @@ -620,7 +634,6 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, { const DWORD inherit = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE; - #if 0 /* FIXME: Not done currently as this breaks the canonical order */ /* Set deny ACE for owner. */ if (owner_deny |