From 5f9ca0d25add60f331f8a39ce308ffd99157f0b4 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Mon, 13 Oct 2008 16:01:50 +0000 Subject: * sec_acl.cc (setacl): Align standard owner and group permissions with alloc_sd. Strip FILE_READ_ATTRIBUTES fromn setting FILE_GENERIC_EXECUTE permissions same as in alloc_sd. * security.cc (alloc_sd): Reformat expression. Strip EA permission bits from owner_deny and group_deny computation. --- winsup/cygwin/sec_acl.cc | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'winsup/cygwin/sec_acl.cc') diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index efee4e6e8..2496ce0e5 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -104,18 +104,21 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, DWORD allow; /* Owner has more standard rights set. */ if ((aclbufp[i].a_type & ~ACL_DEFAULT) == USER_OBJ) - allow = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA; + allow = STANDARD_RIGHTS_ALL + | (pc.fs_is_samba () + ? 0 : (FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES)); else - allow = STANDARD_RIGHTS_READ | FILE_READ_ATTRIBUTES | FILE_READ_EA; + allow = STANDARD_RIGHTS_READ + | (pc.fs_is_samba () ? 0 : FILE_READ_ATTRIBUTES); if (aclbufp[i].a_perm & S_IROTH) allow |= FILE_GENERIC_READ; if (aclbufp[i].a_perm & S_IWOTH) { - allow |= STANDARD_RIGHTS_WRITE | FILE_GENERIC_WRITE; + allow |= FILE_GENERIC_WRITE; writable = true; } if (aclbufp[i].a_perm & S_IXOTH) - allow |= FILE_GENERIC_EXECUTE; + allow |= FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES; if ((aclbufp[i].a_perm & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH)) allow |= FILE_DELETE_CHILD; /* Set inherit property. */ -- cgit v1.2.3