https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=a238211828b59c9cb8f0851dc74ce59598dda337
commit a238211828b59c9cb8f0851dc74ce59598dda337
Author: Corinna Vinschen <cori...@vinschen.de>
AuthorDate: Wed Jan 15 11:22:38 2025 +0100
Commit: Corinna Vinschen <cori...@vinschen.de>
CommitDate: Wed Jan 15 12:27:03 2025 +0100
Cygwin: get_posix_access: don't drop admin and system perms in default ACL
The permissions of entries for SYSTEM and the Administrators group
are not added to the CLASS_OBJ entry, so they don't set the class
perms to rwx all the time.
This shouldn't be done for default perms, otherwise the resulting
permissions when generating new files might be surprisingly restricted
for Admins and SYSTEM.
Fixes: bc444e5aa4ca ("Reapply POSIX ACL changes.")
Signed-off-by: Corinna Vinschen <cori...@vinschen.de>
Diff:
---
winsup/cygwin/sec/acl.cc | 5 -----
1 file changed, 5 deletions(-)
diff --git a/winsup/cygwin/sec/acl.cc b/winsup/cygwin/sec/acl.cc
index a73fae3389ed..d68bebf928f3 100644
--- a/winsup/cygwin/sec/acl.cc
+++ b/winsup/cygwin/sec/acl.cc
@@ -995,11 +995,6 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
if (type & (USER | GROUP))
{
has_def_class_perm = true;
- /* Accommodate Windows: Never add SYSTEM and Admins to
- CLASS_OBJ. Unless (implicitly) if they are the
- GROUP_OBJ entry. */
- if (ace_sid != well_known_system_sid
- && ace_sid != well_known_admins_sid)
def_class_perm |= lacl[pos].a_perm;
}
/* And note the position of the DEF_GROUP_OBJ entry. */
