This is the mail archive of the
cygwin-cvs@cygwin.com
mailing list for the Cygwin project.
[newlib-cygwin] Set GROUP_OBJ and CLASS_OBJ perms to new group perms
- From: Corinna Vinschen <corinna at sourceware dot org>
- To: cygwin-cvs at sourceware dot org
- Date: 16 Apr 2015 20:45:23 -0000
- Subject: [newlib-cygwin] Set GROUP_OBJ and CLASS_OBJ perms to new group perms
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=a69b0cef71e808bebb9ed9fc0f62428710192be1
commit a69b0cef71e808bebb9ed9fc0f62428710192be1
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Thu Apr 16 22:23:46 2015 +0200
Set GROUP_OBJ and CLASS_OBJ perms to new group perms
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly
set GROUP_OBJ and CLASS_OBJ perms to new group perms. Add comment
to explain why.
* security.cc (set_created_file_access): Ditto.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/cygwin/ChangeLog | 7 +++++++
winsup/cygwin/fhandler_disk_file.cc | 7 +++++--
winsup/cygwin/security.cc | 7 +++++--
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index ce198e2..9ec866f 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,12 @@
2015-04-16 Corinna Vinschen <corinna@vinschen.de>
+ * fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly
+ set GROUP_OBJ and CLASS_OBJ perms to new group perms. Add comment
+ to explain why.
+ * security.cc (set_created_file_access): Ditto.
+
+2015-04-16 Corinna Vinschen <corinna@vinschen.de>
+
* sec_acl.cc (set_posix_access): Replace previous patch. Return
EINVAL if uid and/or guid is invalid and not backed by an actual
Windows account.
diff --git a/winsup/cygwin/fhandler_disk_file.cc b/winsup/cygwin/fhandler_disk_file.cc
index 2b30801..b283934 100644
--- a/winsup/cygwin/fhandler_disk_file.cc
+++ b/winsup/cygwin/fhandler_disk_file.cc
@@ -904,11 +904,14 @@ fhandler_disk_file::fchmod (mode_t mode)
/* Overwrite ACL permissions as required by POSIX 1003.1e
draft 17. */
aclp[0].a_perm = (mode >> 6) & S_IRWXO;
+ /* Deliberate deviation from POSIX 1003.1e here. We're not
+ writing CLASS_OBJ *or* GROUP_OBJ, but both. Otherwise we're
+ going to be in constant trouble with user expectations. */
+ if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
+ aclp[idx].a_perm = (mode >> 3) & S_IRWXO;
if (nentries > MIN_ACL_ENTRIES
&& (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
aclp[idx].a_perm = (mode >> 3) & S_IRWXO;
- else
- aclp[1].a_perm = (mode >> 3) & S_IRWXO;
if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
aclp[idx].a_perm = mode & S_IRWXO;
if (pc.isdir ())
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index ea85634..170dc16 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -469,11 +469,14 @@ set_created_file_access (HANDLE handle, path_conv &pc, mode_t attr)
/* Overwrite ACL permissions as required by POSIX 1003.1e
draft 17. */
aclp[0].a_perm = ((attr & attr_rd) >> 6) & S_IRWXO;
+ /* Deliberate deviation from POSIX 1003.1e here. We're not
+ writing CLASS_OBJ *or* GROUP_OBJ, but both. Otherwise we're
+ going to be in constant trouble with user expectations. */
+ if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
+ aclp[idx].a_perm = ((attr & attr_rd) >> 3) & S_IRWXO;
if (nentries > MIN_ACL_ENTRIES
&& (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
aclp[idx].a_perm = ((attr & attr_rd) >> 3) & S_IRWXO;
- else
- aclp[1].a_perm = ((attr & attr_rd) >> 3) & S_IRWXO;
if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
aclp[idx].a_perm = (attr & attr_rd) & S_IRWXO;
/* Construct appropriate inherit attribute for new directories.