[newlib-cygwin] Handle permissions a bit closer to POSIX 1003.1e

public inbox for cygwin-cvs@sourceware.org
help / color / mirror / Atom feed

* [newlib-cygwin] Handle permissions a bit closer to POSIX 1003.1e
@ 2016-04-18 18:43 Corinna Vinschen
  0 siblings, 0 replies; only message in thread
From: Corinna Vinschen @ 2016-04-18 18:43 UTC (permalink / raw)
  To: cygwin-cvs

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=97d0449325b740a9c122090f46813ec8ed91edc9

commit 97d0449325b740a9c122090f46813ec8ed91edc9
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Mon Apr 18 20:43:00 2016 +0200

    Handle permissions a bit closer to POSIX 1003.1e
    
    So far we tweaked ACL_GROUP_OBJ and ACL_MASK values the same way when
    creating a file.  We now do what POSIX requires, namely just change
    ACL_MASK if it's present, otherwise ACL_GROUP_OBJ.  Note that we only
    do this at creation time.  Chmod still tweaks both to create less
    surprising results for the unsuspecting user.
    
    Additionally make sure to take umask only into account if no ACL_MASK
    value is present.  That has been missed so far.
    
    	* sec_acl.cc (set_posix_access): Perform check for non-existant
    	default	ACEs earlier.  Ignore umask also if ACL_MASK is present.
    	Only set owner_eq_group if we're actually handling a user entry.
    	Mention chmod in a comment.
    	* security.cc (set_created_file_access): Perform group/mask
    	permission setting as required by POSIX 1003.1e.
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/sec_acl.cc  | 13 ++++++++-----
 winsup/cygwin/security.cc |  7 ++-----
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index c8de174..8dd73b19 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -323,12 +323,12 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
 
       /* To check if the NULL SID deny ACE is required we need user_obj.  */
       tmp_idx = searchace (aclbufp, nentries, def | USER_OBJ);
-      user_obj = aclbufp[tmp_idx].a_perm;
-      /* To compute deny access masks, we need group_obj, other_obj and... */
-      tmp_idx = searchace (aclbufp, nentries, def | GROUP_OBJ);
       /* No default entries present? */
       if (tmp_idx < 0)
 	break;
+      user_obj = aclbufp[tmp_idx].a_perm;
+      /* To compute deny access masks, we need group_obj, other_obj and... */
+      tmp_idx = searchace (aclbufp, nentries, def | GROUP_OBJ);
       group_obj = aclbufp[tmp_idx].a_perm;
       tmp_idx = searchace (aclbufp, nentries, def | OTHER_OBJ);
       other_obj = aclbufp[tmp_idx].a_perm;
@@ -800,6 +800,7 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
 			  aclsid[pos] = well_known_null_sid;
 			}
 		      has_class_perm = true;
+		      standard_ACEs_only = false;
 		      class_perm = lacl[pos].a_perm;
 		    }
 		  if (ace->Header.AceFlags & SUB_CONTAINERS_AND_OBJECTS_INHERIT)
@@ -867,7 +868,8 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
 	{
 	  type = GROUP_OBJ;
 	  lacl[1].a_id = gid = id;
-	  owner_eq_group = true;
+	  if (type == USER_OBJ)
+	    owner_eq_group = true;
 	}
       if (!(ace->Header.AceFlags & INHERIT_ONLY || type & ACL_DEFAULT))
 	{
@@ -933,7 +935,8 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
 		 with a standard ACL, one only consisting of POSIX perms, plus
 		 SYSTEM and Admins as maximum non-POSIX perms entries.  If it's
 		 a standard ACL, we apply umask.  That's not entirely correct,
-		 but it's probably the best we can do. */
+		 but it's probably the best we can do.  Chmod also wants to
+		 know this.  See there for the details. */
 	      else if (type & (USER | GROUP)
 		       && standard_ACEs_only
 		       && ace_sid != well_known_system_sid
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index b733071..ed8f9ac 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -480,14 +480,11 @@ set_created_file_access (HANDLE handle, path_conv &pc, mode_t attr)
 	      /* Overwrite ACL permissions as required by POSIX 1003.1e
 		 draft 17. */
 	      aclp[0].a_perm &= (attr >> 6) & S_IRWXO;
-	      /* Deliberate deviation from POSIX 1003.1e here.  We're not
-		 writing CLASS_OBJ *or* GROUP_OBJ, but both.  Otherwise we're
-		 going to be in constant trouble with user expectations. */
-	      if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
-		aclp[idx].a_perm &= (attr >> 3) & S_IRWXO;
 	      if (nentries > MIN_ACL_ENTRIES
 		  && (idx = searchace (aclp, nentries, CLASS_OBJ)) >= 0)
 		aclp[idx].a_perm &= (attr >> 3) & S_IRWXO;
+	      else if ((idx = searchace (aclp, nentries, GROUP_OBJ)) >= 0)
+		aclp[idx].a_perm &= (attr >> 3) & S_IRWXO;
 	      if ((idx = searchace (aclp, nentries, OTHER_OBJ)) >= 0)
 		aclp[idx].a_perm &= attr & S_IRWXO;
 	    }


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2016-04-18 18:43 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-18 18:43 [newlib-cygwin] Handle permissions a bit closer to POSIX 1003.1e Corinna Vinschen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).