* environ.cc (set_traverse): Remove.

(parse_thing): Drop "traverse" option. * path.cc (fs_info::update): Don't request SE_CHANGE_NOTIFY_PRIV privilege. * sec_helper.cc (set_cygwin_privileges): Ditto. * security.cc (allow_traverse): Remove. (alloc_sd): Drop special allow_traverse code. * security.h (allow_traverse): Drop declaration. * syscalls.cc (statvfs): Don't request SE_CHANGE_NOTIFY_PRIV privilege.
2006-12-12 18:47:25 +00:00 · 2006-12-12 18:47:25 +00:00 · a889232410
parent 5684cfebba
commit a889232410
7 changed files with 12 additions and 28 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,15 @@
+2006-12-12  Corinna Vinschen  <corinna@vinschen.de>
+
+	* environ.cc (set_traverse): Remove.
+	(parse_thing): Drop "traverse" option.
+	* path.cc (fs_info::update): Don't request SE_CHANGE_NOTIFY_PRIV
+	privilege.
+	* sec_helper.cc (set_cygwin_privileges): Ditto.
+	* security.cc (allow_traverse): Remove.
+	(alloc_sd): Drop special allow_traverse code.
+	* security.h (allow_traverse): Drop declaration.
+	* syscalls.cc (statvfs): Don't request SE_CHANGE_NOTIFY_PRIV privilege.
+
 2006-12-12  Corinna Vinschen  <corinna@vinschen.de>

 	Partially revert change from 2005-04-03, always running under an
--- a/winsup/cygwin/environ.cc
+++ b/winsup/cygwin/environ.cc
@ -571,12 +571,6 @@ set_ntsec (const char *buf)
  allow_ntsec = (buf && strcasematch (buf, "yes") && wincap.has_security ());
 }

-static void
-set_traverse (const char *buf)
-{
-  allow_traverse = (buf && strcasematch (buf, "yes") && wincap.has_security ());
-}
-
 static void
 set_smbntsec (const char *buf)
 {
@ -628,7 +622,6 @@ static struct parse_thing
  {"subauth_id", {func: &subauth_id_init}, isfunc, NULL, {{0}, {0}}},
 #endif
  {"title", {&display_title}, justset, NULL, {{false}, {true}}},
-  {"traverse", {func: set_traverse}, isfunc, NULL, {{0}, {s: "yes"}}},
  {"tty", {NULL}, set_process_state, NULL, {{0}, {PID_USETTY}}},
  {"winsymlinks", {&allow_winsymlinks}, justset, NULL, {{false}, {true}}},
  {"transparent_exe", {&transparent_exe}, justset, NULL, {{false}, {true}}},
--- a/winsup/cygwin/path.cc
+++ b/winsup/cygwin/path.cc
@ -413,10 +413,6 @@ fs_info::update (const char *win32_path)
  name_hash = tmp_name_hash;
  root_len = strlen (root_dir);

-  /* I have no idea why, but some machines require SeChangeNotifyPrivilege
-     to access volume information. */
-  push_thread_privilege (SE_CHANGE_NOTIFY_PRIV, true);
-
  drive_type (GetDriveType (root_dir));
  if (drive_type () == DRIVE_REMOTE
      || (drive_type () == DRIVE_UNKNOWN
@ -428,8 +424,6 @@ fs_info::update (const char *win32_path)
  ret = GetVolumeInformation (root_dir, NULL, 0, &status.serial, NULL,
 			      &status.flags, fsname, sizeof (fsname));

-  pop_thread_privilege ();
-
  if (!ret && !is_remote_drive ())
    {
      debug_printf ("Cannot get volume information (%s), %E", root_dir);
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@ -507,7 +507,6 @@ set_cygwin_privileges (HANDLE token)
 {
  set_privilege (token, SE_RESTORE_PRIV, true);
  set_privilege (token, SE_BACKUP_PRIV, true);
-  set_privilege (token, SE_CHANGE_NOTIFY_PRIV, !allow_traverse);
 }

 /* Function to return a common SECURITY_DESCRIPTOR that
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@ -48,7 +48,6 @@ bool allow_ntsec;
 /* allow_smbntsec is handled exclusively in path.cc (path_conv::check).
   It's defined here because of it's strong relationship to allow_ntsec. */
 bool allow_smbntsec;
-bool allow_traverse;

 extern "C" void
 cygwin_set_impersonation_token (const HANDLE hToken)
@ -1833,14 +1832,6 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
  /* Construct allow attribute for owner. */
  DWORD owner_allow = STANDARD_RIGHTS_ALL
 		      | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA;
-  /* This has nothing to do with traverse checking in the first place, but
-     since traverse checking is the setting which switches to POSIX-like
-     permission rules, the below is all too similar.  Removing the delete
-     bit for a file or directory results in checking the parent directories'
-     ACL, if the current user has the FILE_DELETE_CHILD bit set.  This is
-     how it is on POSIX systems. */
-  if (allow_traverse)
-    owner_allow &= ~DELETE;
  if (attribute & S_IRUSR)
    owner_allow |= FILE_GENERIC_READ;
  if (attribute & S_IWUSR)
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@ -338,7 +338,6 @@ legal_sid_type (SID_NAME_USE type)
 extern bool allow_ntea;
 extern bool allow_ntsec;
 extern bool allow_smbntsec;
-extern bool allow_traverse;

 /* File manipulation */
 int __stdcall get_file_attribute (int, HANDLE, const char *, mode_t *,
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@ -1904,8 +1904,6 @@ statvfs (const char *fname, struct statvfs *sfs)
  DWORD spc, bps, availc, freec, totalc, vsn, maxlen, flags;
  BOOL status, statusex;

-  push_thread_privilege (SE_CHANGE_NOTIFY_PRIV, true);
-
  /* GetDiskFreeSpaceEx must be called before GetDiskFreeSpace on
     WinME, to avoid the MS KB 314417 bug */
  statusex = GetDiskFreeSpaceEx (root, &availb, &totalb, &freeb);
@ -1970,8 +1968,6 @@ statvfs (const char *fname, struct statvfs *sfs)
  if (ret)
    __seterrno ();

-  pop_thread_privilege ();
-
  return ret;
 }