diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2015-04-18 18:07:08 +0300 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2015-04-18 18:07:08 +0300 |
commit | 2e950b1edd5615bd145f2eaa99f03db4c998ed15 (patch) | |
tree | bec5cd448163d9e2e14490cb83dc63674a934d19 /winsup | |
parent | f63dffb818f9856a43ed6cfb3395d882b21d94b8 (diff) |
Try to avoid creating dangerous DENY ACEs
* sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and
GROUP entries if they are the same as USER_OBJ or GROUP_OBJ.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diffstat (limited to 'winsup')
-rw-r--r-- | winsup/cygwin/ChangeLog | 5 | ||||
-rw-r--r-- | winsup/cygwin/sec_acl.cc | 6 |
2 files changed, 11 insertions, 0 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 04bd520d8..a19a9e9e5 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,5 +1,10 @@ 2015-04-17 Corinna Vinschen <corinna@vinschen.de> + * sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and + GROUP entries if they are the same as USER_OBJ or GROUP_OBJ. + +2015-04-17 Corinna Vinschen <corinna@vinschen.de> + * fhandler.h (fhandler_pty_slave::facl): Add prototype. * fhandler_tty.cc (fhandler_pty_slave::facl): New method. (fhandler_pty_slave::fchown): Fix uid/gid handling. diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index 9336dea35..7e6507736 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -316,6 +316,12 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid, idx < nentries && aclbufp[idx].a_type & check_types; ++idx) { + /* Avoid to create DENY ACEs for the second orrurence of + accounts which show up twice, as USER_OBJ and USER, or + GROUP_OBJ and GROUP. */ + if ((aclbufp[idx].a_type & USER && aclsid[idx] == owner) + || (aclbufp[idx].a_type & GROUP && aclsid[idx] == group)) + continue; /* For the rules how to construct the deny access mask, see the comment right at the start of this file. */ if (aclbufp[idx].a_type & USER_OBJ) |