diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2010-12-16 13:31:09 +0300 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2010-12-16 13:31:09 +0300 |
| commit | 9296807af3c5ffe07fe00316dc7552a57df7fea9 (patch) | |
| tree | f744d53ec1cc89d4d2b2ee6983a3d5d83c41e9d2 /winsup/cygwin/security.cc | |
| parent | e445b7c33672fc8b81fabeff9e5cb795c87b87db (diff) | |
* security.cc (alloc_sd): Really fix erroneous inheritence entry
duplication now. Add more comments for clarity.
Diffstat (limited to 'winsup/cygwin/security.cc')
| -rw-r--r-- | winsup/cygwin/security.cc | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index cddb3f173..73b740c1d 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -641,25 +641,32 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, { cygpsid ace_sid ((PSID) &ace->SidStart); - /* Check for related ACEs. */ + /* Always skip NULL SID as well as admins SID on virtual device files + in /proc/sys. */ if (ace_sid == well_known_null_sid || (S_ISCHR (attribute) && ace_sid == well_known_admins_sid)) continue; + /* Check for ACEs which are always created in the preceding code + and check for the default inheritence ACEs which will be created + for just created directories. Skip them for just created + directories or if they are not inherited. If they are inherited, + make sure they are *only* inherited, so they don't collide with + the permissions set in this function. */ if ((ace_sid == cur_owner_sid) || (ace_sid == owner_sid) || (ace_sid == cur_group_sid) - || (ace_sid == group_sid)) + || (ace_sid == group_sid) + || (ace_sid == well_known_creator_owner_sid) + || (ace_sid == well_known_creator_group_sid) + || (ace_sid == well_known_world_sid)) { - if (ace->Header.AceFlags - & (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE)) - ace->Header.AceFlags |= INHERIT_ONLY_ACE; - else + if ((S_ISDIR (attribute) && (attribute & S_JUSTCREATED)) + || (ace->Header.AceFlags + & (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE)) == 0) continue; + else + ace->Header.AceFlags |= INHERIT_ONLY_ACE; } - else if ((ace_sid == well_known_creator_owner_sid) - || (ace_sid == well_known_creator_group_sid) - || (ace_sid == well_known_world_sid)) - continue; if (attribute & S_JUSTCREATED) { /* Since files and dirs are created with a NULL descriptor, @@ -693,7 +700,9 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, acl_len += ace->Header.AceSize; } - /* Construct appropriate inherit attribute for new directories */ + /* Construct appropriate inherit attribute for new directories. Keep in + mind that we do this only for the sake of non-Cygwin applications. + Cygwin applications don't need this. */ if (S_ISDIR (attribute) && (attribute & S_JUSTCREATED)) { const DWORD inherit = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE |