drew
/
acadia-newlib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Try to avoid creating dangerous DENY ACEs 

* sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and
        GROUP entries if they are the same as USER_OBJ or GROUP_OBJ.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2015-04-18 17:07:08 +02:00
parent f63dffb818
commit 2e950b1edd
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,8 @@
2015-04-17 Corinna Vinschen <corinna@vinschen.de>
* sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and
GROUP entries if they are the same as USER_OBJ or GROUP_OBJ.
2015-04-17 Corinna Vinschen <corinna@vinschen.de> 2015-04-17 Corinna Vinschen <corinna@vinschen.de>
* fhandler.h (fhandler_pty_slave::facl): Add prototype. * fhandler.h (fhandler_pty_slave::facl): Add prototype.

6
winsup/cygwin/sec_acl.cc
View File

@ -316,6 +316,12 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
idx < nentries && aclbufp[idx].a_type & check_types; idx < nentries && aclbufp[idx].a_type & check_types;
++idx) ++idx)
{ {
/* Avoid to create DENY ACEs for the second orrurence of
accounts which show up twice, as USER_OBJ and USER, or
GROUP_OBJ and GROUP. */
if ((aclbufp[idx].a_type & USER && aclsid[idx] == owner)
|| (aclbufp[idx].a_type & GROUP && aclsid[idx] == group))
continue;
/* For the rules how to construct the deny access mask, see the /* For the rules how to construct the deny access mask, see the
comment right at the start of this file. */ comment right at the start of this file. */
if (aclbufp[idx].a_type & USER_OBJ) if (aclbufp[idx].a_type & USER_OBJ)