diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2015-04-16 23:27:49 +0300 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2015-04-16 23:27:49 +0300 |
| commit | e26cf1c5d71a4f63eb23a075a555868bdbe3970f (patch) | |
| tree | 25924f2c3b3e4e57a9e8f312fc7782f7fb1e2102 /winsup | |
| parent | c14215de386c5e03195c2218a773a32cd4694ccc (diff) | |
Fix merging group perms into owner perms in owner == group case
* sec_acl.cc (set_posix_access): Move merging group perms into owner
perms in case of owner == group after mask has been computed. Take
mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diffstat (limited to 'winsup')
| -rw-r--r-- | winsup/cygwin/ChangeLog | 6 | ||||
| -rw-r--r-- | winsup/cygwin/sec_acl.cc | 10 |
2 files changed, 11 insertions, 5 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index bd5ea550a..2ecafa0ba 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,5 +1,11 @@ 2015-04-16 Corinna Vinschen <corinna@vinschen.de> + * sec_acl.cc (set_posix_access): Move merging group perms into owner + perms in case of owner == group after mask has been computed. Take + mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE. + +2015-04-16 Corinna Vinschen <corinna@vinschen.de> + * sec_acl.cc (get_posix_access): Only set saw_group_obj flag if we saw the ACCESS_ALLOWED_ACE. diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index 1855bb625..b25e9b337 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -274,11 +274,6 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid, tmp_idx = searchace (aclbufp, nentries, def | OTHER_OBJ); other_obj = aclbufp[tmp_idx].a_perm; - /* Do we potentially chmod a file with owner SID == group SID? If so, - make sure the owner perms are always >= group perms. */ - if (!def && owner_eq_group) - aclbufp[0].a_perm |= group_obj; - /* ... class_obj. Create Cygwin ACE. Only the S_ISGID attribute gets inherited. */ access = CYG_ACE_ISBITS_TO_WIN (def ? attr & S_ISGID : attr); @@ -300,6 +295,11 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid, inherit)) return NULL; + /* Do we potentially chmod a file with owner SID == group SID? If so, + make sure the owner perms are always >= group perms. */ + if (!def && owner_eq_group) + aclbufp[0].a_perm |= group_obj & class_obj; + /* This loop has two runs, the first w/ check_types == (USER_OBJ | USER), the second w/ check_types == (GROUP_OBJ | GROUP). Each run creates first the deny, then the allow ACEs for the current types. */ |