* fhandler_disk_file.cc (fhandler_base::fstat_helper): Drop all "other"

	permissions from st_mode, if the reading the file's security descriptor
	failed.  Explain why.

2 files changed, 12 insertions, 0 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 703a3ee14..02e616606 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,9 @@
+2009-11-08  Corinna Vinschen  <corinna@vinschen.de>
+
+	* fhandler_disk_file.cc (fhandler_base::fstat_helper): Drop all "other"
+	permissions from st_mode, if the reading the file's security descriptor
+	failed.  Explain why.
+
 2009-11-06  Corinna Vinschen  <corinna@vinschen.de>
 
 	* globals.cc (ro_u_scr): New R/O unicode string.
diff --git a/winsup/cygwin/fhandler_disk_file.cc b/winsup/cygwin/fhandler_disk_file.cc
index 44e03d31a..e57000472 100644
--- a/winsup/cygwin/fhandler_disk_file.cc
+++ b/winsup/cygwin/fhandler_disk_file.cc
@@ -670,6 +670,12 @@ fhandler_base::fstat_helper (struct __stat64 *buf,
 
       /* This fakes the permissions of all files to match the current umask. */
       buf->st_mode &= ~(cygheap->umask);
+      /* If the FS supports ACLs, we're here because we couldn't even open
+	 the file for READ_CONTROL access.  Chances are high that the file's
+	 security descriptor has no ACE for "Everyone", so we should not fake
+	 any access for "others". */
+      if (has_acls ())
+	buf->st_mode &= ~(S_IROTH | S_IWOTH | S_IXOTH);
     }
 
  done: