2 files changed, 11 insertions, 8 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index bcc0e552c..50f23f7c4 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2001-04-26  Kazuhiro Fujieda  <fujieda@jaist.ac.jp>
+
+        * security.cc (alloc_sd): Add unrelated ACCESS_ALLOWED_ACE behind
+	the `everyone' ACE.
+
 Wed Apr 25 15:07:37 2001  Christopher Faylor <cgf@cygnus.com>
 
 	* sigproc.h [sigthread]: Add exception field.  [sigframe::~sigframe]:
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index c814379f4..b24d648e3 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -622,6 +622,11 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
 				group_sid, acl_len, inherit))
     return NULL;
 
+  /* Set allow ACE for everyone. */
+  if (!add_access_allowed_ace (acl, ace_off++, other_allow,
+				get_world_sid (), acl_len, inherit))
+    return NULL;
+
   /* Get owner and group from current security descriptor. */
   PSID cur_owner_sid = NULL;
   PSID cur_group_sid = NULL;
@@ -649,8 +654,7 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
 	    continue;
 	  /*
 	   * Add unrelated ACCESS_DENIED_ACE to the beginning but
-	   * behind the owner_deny, ACCESS_ALLOWED_ACE to the end
-	   * but in front of the `everyone' ACE.
+	   * behind the owner_deny, ACCESS_ALLOWED_ACE to the end.
 	   */
 	  if (!AddAce(acl, ACL_REVISION,
 		       ace->Header.AceType == ACCESS_DENIED_ACE_TYPE ?
@@ -661,14 +665,8 @@ alloc_sd (uid_t uid, gid_t gid, const char *logsrv, int attribute,
 	      return NULL;
 	    }
 	  acl_len += ace->Header.AceSize;
-	  ++ace_off;
 	}
 
-  /* Set allow ACE for everyone. */
-  if (!add_access_allowed_ace (acl, ace_off++, other_allow,
-				get_world_sid (), acl_len, inherit))
-    return NULL;
-
   /* Set AclSize to computed value. */
   acl->AclSize = acl_len;
   debug_printf ("ACL-Size: %d", acl_len);