diff options
| -rw-r--r-- | winsup/cygwin/sec_acl.cc | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index 28daadd68..138fd3e59 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -151,6 +151,7 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid, int idx, start_idx, tmp_idx; bool owner_eq_group = false; bool dev_has_admins = false; + bool has_class_obj; /* Initialize local security descriptor. */ RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); @@ -339,6 +340,7 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid, tmp_idx = searchace (aclbufp, nentries, def | CLASS_OBJ); if (tmp_idx >= 0) { + has_class_obj = true; class_obj = aclbufp[tmp_idx].a_perm; access |= CYG_ACE_MASK_TO_WIN (class_obj); } @@ -346,6 +348,7 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid, { /* Setting class_obj to group_obj allows to write below code without additional checks for existence of a CLASS_OBJ. */ + has_class_obj = false; class_obj = group_obj; } /* Note that Windows filters the ACE Mask value so it only reflects @@ -358,9 +361,9 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid, no special bits set. In all other cases we either need the NULL SID ACE or we write it to avoid calls to AuthZ from get_posix_access. */ if (!S_ISCHR (attr) - && access != CYG_ACE_NEW_STYLE - && ((user_obj | group_obj | other_obj) != user_obj - || (group_obj | other_obj) != group_obj) + && (has_class_obj + || ((user_obj | group_obj | other_obj) != user_obj + || (group_obj | other_obj) != group_obj)) && !add_access_denied_ace (acl, access, well_known_null_sid, acl_len, inherit)) return NULL; |