Diffstat (limited to 'winsup/cygwin/security.cc')
-rw-r--r-- | winsup/cygwin/security.cc | 42 |
1 files changed, 27 insertions, 15 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 6d891c1ac..5fca6746e 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -468,22 +468,34 @@ set_created_file_access (HANDLE handle, path_conv &pc, mode_t attr)
 if ((nentries = get_posix_access (sd, &attr_rd, &uid, &gid, aclp, MAX_ACL_ENTRIES)) >= 0)
 {
- /* Symlinks always get the request POSIX perms. */
 if (S_ISLNK (attr))
- attr_rd = 0777;
- /* Overwrite ACL permissions as required by POSIX 1003.1e
- draft 17. */
- aclp[0].a_perm = ((attr & attr_rd) >> 6) & S_IRWXO;
- /* Deliberate deviation from POSIX 1003.1e here. We're not
- writing CLASS_OBJ *or* GROUP_OBJ, but both. Otherwise we're
- going to be in constant trouble with user expectations. */
- if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
- aclp[idx].a_perm = ((attr & attr_rd) >> 3) & S_IRWXO;
- if (nentries > MIN_ACL_ENTRIES
- && (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
- aclp[idx].a_perm = ((attr & attr_rd) >> 3) & S_IRWXO;
- if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
- aclp[idx].a_perm = (attr & attr_rd) & S_IRWXO;
+ {
+ /* Symlinks always get the request POSIX perms. */
+ aclp[0].a_perm = (attr >> 6) & S_IRWXO;
+ if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
+ aclp[idx].a_perm = (attr >> 3) & S_IRWXO;
+ if (nentries > MIN_ACL_ENTRIES
+ && (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
+ aclp[idx].a_perm = (attr >> 3) & S_IRWXO;
+ if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
+ aclp[idx].a_perm = attr & S_IRWXO;
+ }
+ else
+ {
+ /* Overwrite ACL permissions as required by POSIX 1003.1e
+ draft 17. */
+ aclp[0].a_perm &= (attr >> 6) & S_IRWXO;
+ /* Deliberate deviation from POSIX 1003.1e here. We're not
+ writing CLASS_OBJ *or* GROUP_OBJ, but both. Otherwise we're
+ going to be in constant trouble with user expectations. */
+ if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
+ aclp[idx].a_perm &= (attr >> 3) & S_IRWXO;
+ if (nentries > MIN_ACL_ENTRIES
+ && (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
+ aclp[idx].a_perm &= (attr >> 3) & S_IRWXO;
+ if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
+ aclp[idx].a_perm &= attr & S_IRWXO;
+ }
 /* Construct appropriate inherit attribute for new directories. Basically we do this only for the sake of non-Cygwin applications. Cygwin applications don't need these. Additionally, if the |
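Review bot: In the new non-symlink branch, `aclp[0].a_perm &= (attr >> 6) & S_IRWXO;` now reads entry 0 before writing it, yet it is the only entry addressed by position rather than through `searchace`, and the enclosing guard is `nentries >= 0`. The old plain assignment did not depend on what entry 0 held; the mask does, so if `get_posix_access` can ever return zero entries or a list whose first entry is not the owner entry (not visible here, so this is an assumption to confirm), the owner bits are derived from stale or unrelated data. Looking it up like the others would remove that dependency: `if ((idx = searchace (aclp, nentries, USER_OBJ)) >= 0) aclp[idx].a_perm &= (attr >> 6) & S_IRWXO;`. A one-line comment above the `else` block saying that the requested mode may only narrow the permissions taken from the existing ACL would also record why `&=` replaced `=`. The body of `set_created_file_access` starts and ends outside this hunk.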