From 28f2a08860aaa26c5cd04d3fd059a3f35363d668 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Tue, 19 Apr 2005 10:10:13 +0000
Subject: [PATCH] 	* security.cc (alloc_sd): Remove DELETE bit from
 user's ACE if 	allow_traverse is set.

---
 winsup/cygwin/ChangeLog   | 5 +++++
 winsup/cygwin/security.cc | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index c5b5e6907..54bfc8df9 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2005-04-19  Corinna Vinschen  <corinna@vinschen.de>
+
+	* security.cc (alloc_sd): Remove DELETE bit from user's ACE if
+	allow_traverse is set.
+
 2005-04-19  Corinna Vinschen  <corinna@vinschen.de>
 
 	* cygwin.din (pselect): Export.
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index e2a9426a4..5d7930c38 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1553,6 +1553,14 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
   /* Construct allow attribute for owner. */
   DWORD owner_allow = STANDARD_RIGHTS_ALL
 		      | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA;
+  /* This has nothing to do with traverse checking in the first place, but
+     since traverse checking is the setting which switches to POSIX-like
+     permission rules, the below is all too similar.  Removing the delete
+     bit for a file or directory results in checking the parent directories'
+     ACL, if the current user has the FILE_DELETE_CHILD bit set.  This is
+     how it is on POSIX systems. */
+  if (allow_traverse)
+    owner_allow &= ~DELETE;
   if (attribute & S_IRUSR)
     owner_allow |= FILE_GENERIC_READ;
   if (attribute & S_IWUSR)
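Review bot: Clearing DELETE at `if (allow_traverse) owner_allow &= ~DELETE;` does not stop the owner from deleting the object, because `owner_allow` still starts from `STANDARD_RIGHTS_ALL`. That mask keeps WRITE_DAC and WRITE_OWNER, so the owner can rewrite the DACL and regain DELETE. The added comment should say this is POSIX-semantics emulation rather than an access restriction, for example `/* Not a protection boundary: owner keeps WRITE_DAC via STANDARD_RIGHTS_ALL; this only defers the delete check to the parent's FILE_DELETE_CHILD. */`. Keying the behaviour on `allow_traverse`, which the comment itself calls unrelated, also means a change to that setting silently alters delete semantics for newly built descriptors, so the coupling deserves a note where the setting is documented. `alloc_sd` continues outside the hunk, so whether other ACEs built later still grant DELETE cannot be checked from here.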