Mail Archives: cygwin-developers/1999/10/01/05:26:14
This is a multi-part message in MIME format.
--------------DF624562A8A7FABAFF6989FE
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hello!
The attached patch corrects the setting of the FILE_DELETE_CHILD bit
in the security descriptor, which is similar to the S_ISVTX bit.
The settings of ntea are now only used if ntsec is not allowed.
_unlink no longer queues the file into the delqueue if the last
error was ERROR_ACCESS_DENIED, because this return code won't change
later if you don't have the permissions.
Regards,
Corinna
ChangeLog:
==========
Fri Oct 1 11:16:00 Corinna Vinschen <corinna AT vinschen DOT de>
* security.cc (alloc_sd): Corrected setting of
FILE_DELETE_CHILD.
(get_file_attribute): read ntea attributes only if
ntsec is disabled.
* syscalls.cc (_unlink): Don't queue file into delqueue
if DeleteFile returns ERROR_ACCESS_DENIED.
--------------DF624562A8A7FABAFF6989FE
Content-Type: text/plain; charset=us-ascii;
name="ntsec-patch11"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="ntsec-patch11"
Index: security.cc
===================================================================
RCS file: /src/cvsroot/winsup-990916/security.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 security.cc
--- security.cc 1999/09/17 07:37:35 1.1.1.1
+++ security.cc 1999/10/01 08:57:47
@@ -537,8 +537,8 @@ get_nt_attribute (const char *file, int
*attribute |= S_IXUSR;
if (! group_sid || ! has_group_bits)
*attribute |= S_IXGRP;
- // sticky bit for directories according to linux rules
- // no sense for files but who cares?
+ // Sticky bit for directories according to linux rules.
+ // No sense for files.
if (! (ace->Mask & FILE_DELETE_CHILD) &&
S_ISDIR(*attribute))
*attribute |= S_ISVTX;
@@ -566,22 +566,25 @@ get_file_attribute (int use_ntsec, const
return -1;
}
- int res = NTReadEA (file, ".UNIXATTR", (char *) attribute,
- sizeof (*attribute));
+ int res;
+ if (use_ntsec && allow_ntsec)
+ {
+ res = get_nt_attribute (file, attribute);
+ if (!res)
+ return 0;
+ }
+
+ res = NTReadEA (file, ".UNIXATTR", (char *) attribute, sizeof (*attribute));
+
// symlinks are anything for everyone!
if ((*attribute & S_IFLNK) == S_IFLNK)
*attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
- if (!use_ntsec || !allow_ntsec)
- {
- if (res > 0)
- return 0;
- set_errno (ENOSYS);
- return -1;
- }
-
- return get_nt_attribute (file, attribute);
+ if (res > 0)
+ return 0;
+ set_errno (ENOSYS);
+ return -1;
}
PSECURITY_DESCRIPTOR
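Review bot: When `get_nt_attribute` fails with ntsec enabled, the new code falls through to `NTReadEA`, so the `.UNIXATTR` extended attribute is still consulted, which is not what the ChangeLog entry says ("only if ntsec is disabled"). If the fallback is intended, a comment above the `NTReadEA` call such as `// ntsec lookup failed: fall back to the mode stored by ntea` would document it; if not, the branch can simply be `return get_nt_attribute (file, attribute);`. On the fallback path a failure ends in `set_errno (ENOSYS)`, which replaces whatever error the security-descriptor read reported, and the symlink test reads `*attribute` before `res` is checked. The successful ntsec path also returns before the symlink adjustment that the old code ran first; whether `get_nt_attribute` makes that unnecessary is not visible here, and get_file_attribute starts outside the hunk.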
@@ -678,12 +681,22 @@ alloc_sd (uid_t uid, gid_t gid, int attr
DWORD access = STANDARD_RIGHTS_ALL;
+ /*
+ * VTX bit may only be set if executable for `other' is set.
+ * For correct handling under WinNT, FILE_DELETE_CHILD has to
+ * be (un)set in each ACE.
+ */
+ if (! (attribute & S_IXOTH))
+ attribute &= ~S_ISVTX;
+
if (attribute & S_IRUSR)
access |= FILE_GENERIC_READ | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA;
if (attribute & S_IWUSR)
- access |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD;
+ access |= FILE_GENERIC_WRITE | DELETE;
if (attribute & S_IXUSR)
access |= FILE_GENERIC_EXECUTE;
+ if (! (attribute & S_ISVTX))
+ access |= FILE_DELETE_CHILD;
if (! AddAccessAllowedAce (acl, ACL_REVISION, access, owner_sid))
debug_printf ("AddAccessAllowedAce(owner) %E");
if (GetAce(acl, 0, (PVOID *) &ace))
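Review bot: The added `if (! (attribute & S_ISVTX)) access |= FILE_DELETE_CHILD;` is no longer tied to the write bit, so every ACE of a non-sticky object carries FILE_DELETE_CHILD even when the matching S_IW* bit is clear; the same pattern is repeated in the group and world hunks below. For a directory with mode 0755 that would, as far as these hunks show, give group and world the right to delete entries they could not remove under POSIX rules. Consider `if ((attribute & S_IWUSR) && ! (attribute & S_ISVTX))` with the S_IWGRP / S_IWOTH equivalents; get_nt_attribute infers S_ISVTX from a missing FILE_DELETE_CHILD, so that reader would need the matching write-bit condition. Separately, clearing S_ISVTX whenever S_IXOTH is unset silently drops restricted deletion for modes such as 1770, which deserves at least a note in the block comment. alloc_sd starts and ends outside the hunk.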
@@ -710,10 +723,11 @@ alloc_sd (uid_t uid, gid_t gid, int attr
if (attribute & S_IRGRP)
access |= FILE_GENERIC_READ;
if (attribute & S_IWGRP)
- access |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE
- | DELETE | FILE_DELETE_CHILD;
+ access |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE | DELETE;
if (attribute & S_IXGRP)
access |= FILE_GENERIC_EXECUTE;
+ if (! (attribute & S_ISVTX))
+ access |= FILE_DELETE_CHILD;
if (! AddAccessAllowedAce (acl, ACL_REVISION, access, group_sid))
debug_printf ("AddAccessAllowedAce(group) %E");
if (GetAce(acl, 1 + ace_off, (PVOID *) &ace))
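Review bot: `STANDARD_RIGHTS_ALL` in the S_IWGRP branch includes WRITE_DAC and WRITE_OWNER, so a group write bit lets group members rewrite the DACL or take ownership rather than only modify the data; the S_IWOTH branch in the next hunk grants the same to the world SID. The expression predates this patch but is rewritten on this line, so it is worth tightening in the same pass: `access |= FILE_GENERIC_WRITE | DELETE;`. The initial value of `access` for the group ACE is assigned outside the hunk, so confirm it does not already carry those rights.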
@@ -726,15 +740,11 @@ alloc_sd (uid_t uid, gid_t gid, int attr
if (attribute & S_IROTH)
access |= FILE_GENERIC_READ;
if (attribute & S_IWOTH)
- {
- access |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE | DELETE;
- // sticky bit for directories according to linux rules
- // no sense for files but who cares?
- if (! (attribute & S_ISVTX))
- access |= FILE_DELETE_CHILD;
- }
+ access |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE | DELETE;
if (attribute & S_IXOTH)
access |= FILE_GENERIC_EXECUTE;
+ if (! (attribute & S_ISVTX))
+ access |= FILE_DELETE_CHILD;
if (! AddAccessAllowedAce (acl, ACL_REVISION, access, get_world_sid ()))
debug_printf ("AddAccessAllowedAce(world) %E");
Index: syscalls.cc
===================================================================
RCS file: /src/cvsroot/winsup-990916/syscalls.cc,v
retrieving revision 1.2
diff -u -p -r1.2 syscalls.cc
--- syscalls.cc 1999/09/30 14:10:44 1.2
+++ syscalls.cc 1999/10/01 08:25:31
@@ -90,8 +90,7 @@ _unlink (const char *ourname)
/* If we get ERROR_SHARING_VIOLATION, the file may still be open -
Windows NT doesn't support deleting a file while it's open. */
- if (res == ERROR_SHARING_VIOLATION
- || res == ERROR_ACCESS_DENIED)
+ if (res == ERROR_SHARING_VIOLATION)
{
cygwin_shared->delqueue.queue_file (win32_name.get_win32 ());
res = 0;
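Review bot: The comment above the condition still explains only the sharing-violation case and says nothing about why ERROR_ACCESS_DENIED is now excluded. A line such as `/* ERROR_ACCESS_DENIED is a permission failure that will not clear when handles are closed, so it is returned to the caller instead of being queued. */` would record the reasoning. The comment speaks of Windows NT only; Windows 9x is believed to report ERROR_ACCESS_DENIED for a file that is still open, so confirm that unlinking an open file there does not regress. How `res` is turned into errno after this block is outside the hunk, so also check that the caller now sees a permission error rather than success.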
--------------DF624562A8A7FABAFF6989FE--