This is the mail archive of the cygwin-cvs@cygwin.com mailing list for the Cygwin project.



[newlib-cygwin] Apply mask execute bit for SYSTEM and Admins group.


https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=b364582734085ab498dcf75c2f4538d0c4253234

commit b364582734085ab498dcf75c2f4538d0c4253234
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Mon Apr 20 12:06:05 2015 +0200

    Apply mask execute bit for SYSTEM and Admins group.
    
            * sec_acl.cc (set_posix_access): Apply mask only in terms of execute bit
            for SYSTEM and Admins group.
    
            * getfacl.c (main): Special-case SYSTEM and Admins group.  Add comments.
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/ChangeLog  |  5 +++++
 winsup/cygwin/sec_acl.cc | 12 +++++++-----
 winsup/utils/ChangeLog   |  4 ++++
 winsup/utils/getfacl.c   | 20 ++++++++++++++++++--
 4 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index a19a9e9..dda1a95 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2015-04-20  Corinna Vinschen  <corinna@vinschen.de>
+
+	* sec_acl.cc (set_posix_access): Apply mask only in terms of execute bit
+	for SYSTEM and Admins group.
+
 2015-04-17  Corinna Vinschen  <corinna@vinschen.de>
 
 	* sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index 65b3131..bddd21c 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -329,16 +329,18 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
 	      else if (aclbufp[idx].a_type & USER)
 		deny = (aclbufp[idx].a_perm ^ class_obj)
 		       | (~aclbufp[idx].a_perm & other_obj);
+	      /* Accommodate Windows: Only generate deny masks for SYSTEM
+		 and the Administrators group in terms of the execute bit,
+		 if they are not the primary group. */
+	      else if (aclbufp[idx].a_type & GROUP
+		       && (aclsid[idx] == well_known_system_sid
+			   || aclsid[idx] == well_known_admins_sid))
+		deny = aclbufp[idx].a_perm & ~(class_obj | S_IROTH | S_IWOTH);
 	      else
 		deny = (aclbufp[idx].a_perm & ~class_obj)
 		       | (~aclbufp[idx].a_perm & other_obj);
 	      if (!deny)
 		continue;
-	      /* Accommodate Windows: Never generate deny masks for SYSTEM
-		 and the Administrators group. */
-	      if (aclsid[idx] == well_known_system_sid
-		  || aclsid[idx] == well_known_admins_sid)
-		continue;
 	      access = 0;
 	      if (deny & S_IROTH)
 		access |= FILE_DENY_READ;
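Review bot: The new special case matches only entries with `a_type & GROUP`, whereas the guard it replaces (the removed `continue` after `if (!deny)`) skipped deny ACEs for the SYSTEM and Administrators SIDs whatever the entry type. An entry for one of these SIDs that reaches the `USER` branch or the final `else` now gets a full deny mask, read and write included; if that is intended, the comment should say so, e.g. `Entries of any other type for these SIDs get regular deny masks.` The new branch also drops the `~aclbufp[idx].a_perm & other_obj` term, so as far as this hunk shows, an execute bit granted to other is not denied to these groups when their own entry lacks it; this is worth confirming against the intended effective rights. I would also write `(aclbufp[idx].a_type & GROUP)` with its own parentheses before the `&&`. The if/else chain starts above the hunk, so earlier branches are not visible here.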
diff --git a/winsup/utils/ChangeLog b/winsup/utils/ChangeLog
index a48f869..b37792a 100644
--- a/winsup/utils/ChangeLog
+++ b/winsup/utils/ChangeLog
@@ -1,3 +1,7 @@
+2015-04-20  Corinna Vinschen  <corinna@vinschen.de>
+
+	* getfacl.c (main): Special-case SYSTEM and Admins group.  Add comments.
+
 2015-04-16  Corinna Vinschen  <corinna@vinschen.de>
 
 	* setfacl.c: Align more to Linux tool.
diff --git a/winsup/utils/getfacl.c b/winsup/utils/getfacl.c
index 07d8a8a..45e5e20 100644
--- a/winsup/utils/getfacl.c
+++ b/winsup/utils/getfacl.c
@@ -279,16 +279,32 @@ main (int argc, char **argv)
 	    {
 	    case USER:
 	    case GROUP_OBJ:
-	    case GROUP:
 	      effective = acls[i].a_perm & mask;
 	      print_effective = 1;
 	      break;
+	    case GROUP:
+	      /* Special case SYSTEM and Admins group:  The mask only
+	         applies to them as far as the execute bit is concerned. */
+	      if (acls[i].a_id == 18 || acls[i].a_id == 544)
+		effective = acls[i].a_perm & (mask | S_IROTH | S_IWOTH);
+	      else
+		effective = acls[i].a_perm & mask;
+	      print_effective = 1;
+	      break;
 	    case DEF_USER:
 	    case DEF_GROUP_OBJ:
-	    case DEF_GROUP:
 	      effective = acls[i].a_perm & def_mask;
 	      print_effective = 1;
 	      break;
+	    case DEF_GROUP:
+	      /* Special case SYSTEM and Admins group:  The mask only
+	         applies to them as far as the execute bit is concerned. */
+	      if (acls[i].a_id == 18 || acls[i].a_id == 544)
+		effective = acls[i].a_perm & (def_mask | S_IROTH | S_IWOTH);
+	      else
+		effective = acls[i].a_perm & def_mask;
+	      print_effective = 1;
+	      break;
 	    }
 	  if (print_effective && eopt >= 0
 	      && (eopt > 0 || effective != acls[i].a_perm))
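Review bot: The ids `18` and `544` in the `GROUP` and `DEF_GROUP` cases are bare literals repeated in two places, and nothing in the hunk ties them to the SIDs that sec_acl.cc compares against (`well_known_system_sid`, `well_known_admins_sid`). Name them once, for example `#define SYSTEM_ID 18` and `#define ADMINS_ID 544` (the names are only a suggestion), and test them through one small helper so the two cases cannot drift apart. The check presumably relies on these SIDs always mapping to those numeric ids; if a local mapping differs, getfacl would print effective rights that do not match the ACL the library wrote, so the comment should state that assumption. main's body continues outside the hunk.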

