https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=a69b0cef71e808bebb9ed9fc0f62428710192be1
commit a69b0cef71e808bebb9ed9fc0f62428710192be1 Author: Corinna Vinschen <[email protected]> Date: Thu Apr 16 22:23:46 2015 +0200 Set GROUP_OBJ and CLASS_OBJ perms to new group perms * fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly set GROUP_OBJ and CLASS_OBJ perms to new group perms. Add comment to explain why. * security.cc (set_created_file_access): Ditto. Signed-off-by: Corinna Vinschen <[email protected]> Diff: --- winsup/cygwin/ChangeLog | 7 +++++++ winsup/cygwin/fhandler_disk_file.cc | 7 +++++-- winsup/cygwin/security.cc | 7 +++++-- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index ce198e2..9ec866f 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,5 +1,12 @@ 2015-04-16 Corinna Vinschen <[email protected]> + * fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly + set GROUP_OBJ and CLASS_OBJ perms to new group perms. Add comment + to explain why. + * security.cc (set_created_file_access): Ditto. + +2015-04-16 Corinna Vinschen <[email protected]> + * sec_acl.cc (set_posix_access): Replace previous patch. Return EINVAL if uid and/or guid is invalid and not backed by an actual Windows account. diff --git a/winsup/cygwin/fhandler_disk_file.cc b/winsup/cygwin/fhandler_disk_file.cc index 2b30801..b283934 100644 --- a/winsup/cygwin/fhandler_disk_file.cc +++ b/winsup/cygwin/fhandler_disk_file.cc @@ -904,11 +904,14 @@ fhandler_disk_file::fchmod (mode_t mode) /* Overwrite ACL permissions as required by POSIX 1003.1e draft 17. */ aclp[0].a_perm = (mode >> 6) & S_IRWXO; + /* Deliberate deviation from POSIX 1003.1e here. We're not + writing CLASS_OBJ *or* GROUP_OBJ, but both. Otherwise we're + going to be in constant trouble with user expectations. */ + if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0) + aclp[idx].a_perm = (mode >> 3) & S_IRWXO; if (nentries > MIN_ACL_ENTRIES && (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0) aclp[idx].a_perm = (mode >> 3) & S_IRWXO; - else - aclp[1].a_perm = (mode >> 3) & S_IRWXO; if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0) aclp[idx].a_perm = mode & S_IRWXO; if (pc.isdir ()) diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index ea85634..170dc16 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -469,11 +469,14 @@ set_created_file_access (HANDLE handle, path_conv &pc, mode_t attr) /* Overwrite ACL permissions as required by POSIX 1003.1e draft 17. */ aclp[0].a_perm = ((attr & attr_rd) >> 6) & S_IRWXO; + /* Deliberate deviation from POSIX 1003.1e here. We're not + writing CLASS_OBJ *or* GROUP_OBJ, but both. Otherwise we're + going to be in constant trouble with user expectations. */ + if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0) + aclp[idx].a_perm = ((attr & attr_rd) >> 3) & S_IRWXO; if (nentries > MIN_ACL_ENTRIES && (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0) aclp[idx].a_perm = ((attr & attr_rd) >> 3) & S_IRWXO; - else - aclp[1].a_perm = ((attr & attr_rd) >> 3) & S_IRWXO; if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0) aclp[idx].a_perm = (attr & attr_rd) & S_IRWXO; /* Construct appropriate inherit attribute for new directories.
