diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2023-02-09 23:25:03 +0300 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2023-02-09 23:59:47 +0300 |
commit | 56751f7f05dca86be15642628c874ea0b2207fc6 (patch) | |
tree | 31b9b770188f16010a1329b3b31e83b116321539 /winsup/cygwin | |
parent | df34bd951d5cccdfee8ad6d1c658953305b5b684 (diff) |
Cygwin: mkdir: use correct default permissions filtered by umask
Older coreutils created directories with mode bits filtered through
umask. Newer coreutils creates directories with full permissions,
0777 by default.
This new coreutils behaviour uncovered the fact that default ACEs for
newly created directories were not filtered by umask starting with
commit bc444e5aa4ca.
Fix it by applying umask on the default ACEs.
Fixes: bc444e5aa4ca ("Reapply POSIX ACL change.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diffstat (limited to 'winsup/cygwin')
-rw-r--r-- | winsup/cygwin/release/3.4.6 | 3 | ||||
-rw-r--r-- | winsup/cygwin/sec/base.cc | 8 |
2 files changed, 8 insertions, 3 deletions
diff --git a/winsup/cygwin/release/3.4.6 b/winsup/cygwin/release/3.4.6 index c21c44fbf..f9288dc79 100644 --- a/winsup/cygwin/release/3.4.6 +++ b/winsup/cygwin/release/3.4.6 @@ -6,3 +6,6 @@ Addresses: https://cygwin.com/pipermail/cygwin/2023-January/252916.html Don't reject valid server and share names when mounting. Addresses: https://cygwin.com/pipermail/cygwin/2023-January/252928.html + +Create directories with correctly umask-filtered default ACEs. +Addresses: https://cygwin.com/pipermail/cygwin/2023-February/253037.html diff --git a/winsup/cygwin/sec/base.cc b/winsup/cygwin/sec/base.cc index dc85ca72a..e84bc2aee 100644 --- a/winsup/cygwin/sec/base.cc +++ b/winsup/cygwin/sec/base.cc @@ -495,23 +495,25 @@ set_created_file_access (HANDLE handle, path_conv &pc, mode_t attr) S_ISGID bit is set, propagate it. */ if (S_ISDIR (attr)) { + mode_t def_attr = attr & ~cygheap->umask; + if (searchace (aclp, nentries, DEF_USER_OBJ) < 0) { aclp[nentries].a_type = DEF_USER_OBJ; aclp[nentries].a_id = ILLEGAL_UID; - aclp[nentries++].a_perm = (attr >> 6) & S_IRWXO; + aclp[nentries++].a_perm = (def_attr >> 6) & S_IRWXO; } if (searchace (aclp, nentries, DEF_GROUP_OBJ) < 0) { aclp[nentries].a_type = DEF_GROUP_OBJ; aclp[nentries].a_id = ILLEGAL_GID; - aclp[nentries++].a_perm = (attr >> 3) & S_IRWXO; + aclp[nentries++].a_perm = (def_attr >> 3) & S_IRWXO; } if (searchace (aclp, nentries, DEF_OTHER_OBJ) < 0) { aclp[nentries].a_type = DEF_OTHER_OBJ; aclp[nentries].a_id = ILLEGAL_UID; - aclp[nentries++].a_perm = attr & S_IRWXO; + aclp[nentries++].a_perm = def_attr & S_IRWXO; } if (attr_rd & S_ISGID) attr |= S_ISGID; |