libs/newlib-cygwin
libs/newlib-cygwin
4
0
Fork 0
mirror of git://sourceware.org/git/newlib-cygwin.git synced 2025-01-30 11:00:41 +08:00
Code Issues Projects Releases Wiki Activity

* sec_acl.cc (setacl): Align standard owner and group permissions

Browse Source 
with alloc_sd.  Strip FILE_READ_ATTRIBUTES fromn setting
	FILE_GENERIC_EXECUTE permissions same as in alloc_sd.
	* security.cc (alloc_sd): Reformat expression.  Strip EA permission
	bits from owner_deny and group_deny computation.
This commit is contained in:
Corinna Vinschen 2008-10-13 16:01:50 +00:00
parent 423fd4f2f4
commit 5f9ca0d25a
3 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,11 @@
2008-10-13 Corinna Vinschen <corinna@vinschen.de>
* sec_acl.cc (setacl): Align standard owner and group permissions
with alloc_sd. Strip FILE_READ_ATTRIBUTES fromn setting
FILE_GENERIC_EXECUTE permissions same as in alloc_sd.
* security.cc (alloc_sd): Reformat expression. Strip EA permission
bits from owner_deny and group_deny computation.
2008-10-09 Corinna Vinschen <corinna@vinschen.de> 2008-10-09 Corinna Vinschen <corinna@vinschen.de>
* fhandler_disk_file.cc (fhandler_base::fstat_helper): Check * fhandler_disk_file.cc (fhandler_base::fstat_helper): Check

11
winsup/cygwin/sec_acl.cc
View File

@ -104,18 +104,21 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
DWORD allow; DWORD allow;
/* Owner has more standard rights set. */ /* Owner has more standard rights set. */
if ((aclbufp[i].a_type & ~ACL_DEFAULT) == USER_OBJ) if ((aclbufp[i].a_type & ~ACL_DEFAULT) == USER_OBJ)
allow = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA; allow = STANDARD_RIGHTS_ALL
| (pc.fs_is_samba ()
? 0 : (FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES));
else else
allow = STANDARD_RIGHTS_READ | FILE_READ_ATTRIBUTES | FILE_READ_EA; allow = STANDARD_RIGHTS_READ
| (pc.fs_is_samba () ? 0 : FILE_READ_ATTRIBUTES);
if (aclbufp[i].a_perm & S_IROTH) if (aclbufp[i].a_perm & S_IROTH)
allow |= FILE_GENERIC_READ; allow |= FILE_GENERIC_READ;
if (aclbufp[i].a_perm & S_IWOTH) if (aclbufp[i].a_perm & S_IWOTH)
{ {
allow |= STANDARD_RIGHTS_WRITE | FILE_GENERIC_WRITE; allow |= FILE_GENERIC_WRITE;
writable = true; writable = true;
} }
if (aclbufp[i].a_perm & S_IXOTH) if (aclbufp[i].a_perm & S_IXOTH)
allow |= FILE_GENERIC_EXECUTE; allow |= FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES;
if ((aclbufp[i].a_perm & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH)) if ((aclbufp[i].a_perm & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH))
allow |= FILE_DELETE_CHILD; allow |= FILE_DELETE_CHILD;
/* Set inherit property. */ /* Set inherit property. */

10
winsup/cygwin/security.cc
View File

@ -479,8 +479,8 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
owner_allow |= FILE_DELETE_CHILD; owner_allow |= FILE_DELETE_CHILD;
/* Construct allow attribute for group. */ /* Construct allow attribute for group. */
DWORD group_allow = STANDARD_RIGHTS_READ | DWORD group_allow = STANDARD_RIGHTS_READ
(pc.fs_is_samba () ? 0 : FILE_READ_ATTRIBUTES); | (pc.fs_is_samba () ? 0 : FILE_READ_ATTRIBUTES);
if (attribute & S_IRGRP) if (attribute & S_IRGRP)
group_allow |= FILE_GENERIC_READ; group_allow |= FILE_GENERIC_READ;
if (attribute & S_IWGRP) if (attribute & S_IWGRP)
@ -526,12 +526,10 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
DWORD owner_deny = ~owner_allow & (group_allow | other_allow); DWORD owner_deny = ~owner_allow & (group_allow | other_allow);
owner_deny &= ~(STANDARD_RIGHTS_READ owner_deny &= ~(STANDARD_RIGHTS_READ
| FILE_READ_ATTRIBUTES | FILE_READ_EA | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES);
| FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA);
DWORD group_deny = ~group_allow & other_allow; DWORD group_deny = ~group_allow & other_allow;
group_deny &= ~(STANDARD_RIGHTS_READ group_deny &= ~(STANDARD_RIGHTS_READ | FILE_READ_ATTRIBUTES);
| FILE_READ_ATTRIBUTES | FILE_READ_EA);
/* Set deny ACE for owner. */ /* Set deny ACE for owner. */
if (owner_deny if (owner_deny