https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=90e006a63dd9594c5d05b7251e27d16bceab3cac
commit 90e006a63dd9594c5d05b7251e27d16bceab3cac Author: Corinna Vinschen <[email protected]> Date: Tue Nov 10 10:00:33 2015 +0100 get_posix_access: Skip merging permissions if user can't get more permissions * sec_acl.cc (get_posix_access): Skip merging permissions if current user has rwx permissions anywa, or if the sum of all group and other permissions is less than or equal to the user's permissions. Signed-off-by: Corinna Vinschen <[email protected]> Diff: --- winsup/cygwin/ChangeLog | 6 ++++++ winsup/cygwin/sec_acl.cc | 13 +++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 4491123..49bac71 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,5 +1,11 @@ 2015-11-18 Corinna Vinschen <[email protected]> + * sec_acl.cc (get_posix_access): Skip merging permissions if current + user has rwx permissions anywa, or if the sum of all group and other + permissions is less than or equal to the user's permissions. + +2015-11-18 Corinna Vinschen <[email protected]> + * sec_acl.cc (get_posix_access): Fix computation of effective user permissions to handle current user, not only the file owner. diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index a9e1dea..f632410 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -1019,8 +1019,17 @@ get_posix_access (PSECURITY_DESCRIPTOR psd, { mode_t perm; - /* If we use the Windows user DB, utilize Authz to make sure all - user permissions are correctly reflecting the Windows + /* Don't merge if the user already has all permissions, or... */ + if (lacl[idx].a_perm == S_IRWXO) + continue; + /* ...if the sum of perms is less than or equal the user's perms. */ + perm = lacl[idx].a_perm + | (has_class_perm ? class_perm : lacl[1].a_perm) + | lacl[2].a_perm; + if (perm == lacl[idx].a_perm) + continue; + /* Otherwise, if we use the Windows user DB, utilize Authz to make + sure all user permissions are correctly reflecting the Windows permissions. */ if (cygheap->pg.nss_pwd_db () && authz_get_user_attribute (&perm, psd, aclsid[idx]))
