diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2016-04-19 10:23:49 +0200 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2016-04-19 10:23:49 +0200 |
| commit | 7a5b4524431110fde4e9336f64ade73ab2c26b6b (patch) | |
| tree | 5a927fdaa26b8ee35f1b4ddb714bd8fbe2b794c0 /newlib | |
| parent | 97d0449325b740a9c122090f46813ec8ed91edc9 (diff) | |
| download | cygnal-7a5b4524431110fde4e9336f64ade73ab2c26b6b.tar.gz cygnal-7a5b4524431110fde4e9336f64ade73ab2c26b6b.tar.bz2 cygnal-7a5b4524431110fde4e9336f64ade73ab2c26b6b.zip | |
Disallow S_ISGID on directories without default ACL entries
We can't handle the S_ISGID bit if the child didn't inherit a NULL SID
ACE with the S_ISGID bit set. On directories without default ACL
entries we would have to add an inheritable NULL SID ACE and nothing else.
This in turn results in permission problems when calling set_file_sd
from set_created_file_access. That's fixable, but it would only work
for files created from Cygwin while files created from native Windows
tools end up with really ugly permissions.
This patch only makes sure that the S_ISGID bit is reset for a directory
if it has no inheritable ACEs. Still having the 's' bit shown in ls or
getfacl output would be misleading. So, calling `setfacl -k' on a dir
also removes the S_ISGID bit now.
* sec_acl.cc (set_posix_access): Drop S_ISGID bit on directories
without inheritable ACEs. Explain why.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diffstat (limited to 'newlib')
0 files changed, 0 insertions, 0 deletions