From 971d2dffea7848270aa9dfb5c14dcd946c8971c0 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Fri, 21 Jul 2023 21:49:54 +0200
Subject: [PATCH] Cygwin: get_posix_access: do not merge permissions for just
 created files

When creating the POSIX ACL rewrite, the code merging permissions from
everyone/group to group/user ACEs was accidentally called for newly
generated files as well.

This could result in broken permissions, if umask used unusual values
like "0100", granted permissions to everyone/group not granted to
group/user.

Make sure to skip permission merging if the file got just created and
we only want to set correct permissions for the first time.

Fixes: bc444e5aa4ca ("Reapply POSIX ACL changes.")
Reported-by: Jon Turney <jon.turney@dronecode.org.uk>
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
---
 winsup/cygwin/sec/acl.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/winsup/cygwin/sec/acl.cc b/winsup/cygwin/sec/acl.cc
index 2fd08ad62..db86f9e9e 100644
--- a/winsup/cygwin/sec/acl.cc
+++ b/winsup/cygwin/sec/acl.cc
@@ -1103,7 +1103,7 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
     pos = MAX_ACL_ENTRIES;
 
   /* For old-style or non-Cygwin ACLs, check for merging permissions. */
-  if (!new_style)
+  if (!just_created && !new_style)
     for (idx = 0; idx < pos; ++idx)
       {
 	if (lacl[idx].a_type & (USER_OBJ | USER)