diff options
| author | Eric Blake <eblake@redhat.com> | 2009-09-25 17:44:45 +0400 |
|---|---|---|
| committer | Eric Blake <eblake@redhat.com> | 2009-09-25 17:44:45 +0400 |
| commit | 3dbe243afa103716b4f6e227087d447afdd09fad (patch) | |
| tree | 22968367aeda9510d05198488749af53faa0a710 /winsup/cygwin/security.cc | |
| parent | 5386cd8ecc95e8f8e69460edac473236caa5e9fe (diff) | |
Fix faccessat(,0) and access() semantics.
* fhandler.h (fhandler_base::fhaccess): Add parameter.
* security.h (check_file_access, check_registry_access): Likewise.
* security.cc (check_file_access, check_registry_access)
(check_access): Implement new parameter.
* fhandler.cc (fhandler_base::fhaccess): Likewise.
(device_access_denied): Update caller.
* syscalls.cc (access, faccessat): Update callers.
* spawn.cc (find_exec, fixup): Likewise.
Diffstat (limited to 'winsup/cygwin/security.cc')
| -rw-r--r-- | winsup/cygwin/security.cc | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 00a8c32cd..c33be76c7 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -1,7 +1,7 @@ /* security.cc: NT file access control functions Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - 2006, 2007 Red Hat, Inc. + 2006, 2007, 2008, 2009 Red Hat, Inc. Originaly written by Gunther Ebert, gunther.ebert@ixos-leipzig.de Completely rewritten by Corinna Vinschen <corinna@vinschen.de> @@ -725,15 +725,16 @@ set_file_attribute (HANDLE handle, path_conv &pc, static int check_access (security_descriptor &sd, GENERIC_MAPPING &mapping, - DWORD desired, int flags) + DWORD desired, int flags, bool effective) { int ret = -1; BOOL status; DWORD granted; DWORD plen = sizeof (PRIVILEGE_SET) + 3 * sizeof (LUID_AND_ATTRIBUTES); PPRIVILEGE_SET pset = (PPRIVILEGE_SET) alloca (plen); - HANDLE tok = cygheap->user.issetuid () ? cygheap->user.imp_token () - : hProcImpToken; + HANDLE tok = ((effective && cygheap->user.issetuid ()) + ? cygheap->user.imp_token () + : hProcImpToken); if (!tok && !DuplicateTokenEx (hProcToken, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenImpersonation, @@ -794,7 +795,7 @@ check_access (security_descriptor &sd, GENERIC_MAPPING &mapping, } int -check_file_access (path_conv &pc, int flags) +check_file_access (path_conv &pc, int flags, bool effective) { security_descriptor sd; int ret = -1; @@ -810,13 +811,13 @@ check_file_access (path_conv &pc, int flags) if (flags & X_OK) desired |= FILE_EXECUTE; if (!get_file_sd (NULL, pc, sd)) - ret = check_access (sd, mapping, desired, flags); + ret = check_access (sd, mapping, desired, flags, effective); debug_printf ("flags %x, ret %d", flags, ret); return ret; } int -check_registry_access (HANDLE hdl, int flags) +check_registry_access (HANDLE hdl, int flags, bool effective) { security_descriptor sd; int ret = -1; @@ -832,7 +833,7 @@ check_registry_access (HANDLE hdl, int flags) if (flags & X_OK) desired |= KEY_QUERY_VALUE; if (!get_reg_sd (hdl, sd)) - ret = check_access (sd, mapping, desired, flags); + ret = check_access (sd, mapping, desired, flags, effective); /* As long as we can't write the registry... */ if (flags & W_OK) { |