Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-developers-owner AT sourceware DOT cygnus DOT com Delivered-To: mailing list cygwin-developers AT sourceware DOT cygnus DOT com Message-ID: <37F47E16.2B9C312F@vinschen.de> Date: Fri, 01 Oct 1999 11:25:42 +0200 From: Corinna Vinschen X-Mailer: Mozilla 4.6 [en] (WinNT; I) X-Accept-Language: de,en MIME-Version: 1.0 To: cygdev , Chris Faylor Subject: ntsec-patch11 Content-Type: multipart/mixed; boundary="------------DF624562A8A7FABAFF6989FE" This is a multi-part message in MIME format. --------------DF624562A8A7FABAFF6989FE Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello! The attached patch corrects the setting of the FILE_DELETE_CHILD bit in the security descriptor, which is similar to the S_ISVTX bit. The settings of ntea are now only used if ntsec is not allowed. _unlink now doesn't queue the file into the delqueue, if the last error was ERROR_ACCESS_DENIED because this return code won't change later if you don't have the permissions. Regards, Corinna ChangeLog: ========== Fri Oct 1 11:16:00 Corinna Vinschen * security.cc (alloc_sd): Corrected setting of FILE_DELETE_CHILD. (get_file_attribute): read ntea attributes only if ntsec is disabled. * syscalls.cc (_unlink): Don't queue file into delqueue if DeleteFile returns ERROR_ACCESS_DENIED. --------------DF624562A8A7FABAFF6989FE Content-Type: text/plain; charset=us-ascii; name="ntsec-patch11" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ntsec-patch11"
Index: security.cc
===================================================================
RCS file: /src/cvsroot/winsup-990916/security.cc,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 security.cc
--- security.cc 1999/09/17 07:37:35 1.1.1.1
+++ security.cc 1999/10/01 08:57:47
@@ -537,8 +537,8 @@ get_nt_attribute (const char *file, int *attribute |= S_IXUSR; if (! group_sid || ! has_group_bits) *attribute |= S_IXGRP; - // sticky bit for directories according to linux rules - // no sense for files but who cares? + // Sticky bit for directories according to linux rules. + // No sense for files. if (! (ace->Mask & FILE_DELETE_CHILD) && S_ISDIR(*attribute)) *attribute |= S_ISVTX; @@ -566,22 +566,25 @@ get_file_attribute (int use_ntsec, const return -1; } - int res = NTReadEA (file, ".UNIXATTR", (char *) attribute, - sizeof (*attribute)); + int res; + if (use_ntsec && allow_ntsec) + { + res = get_nt_attribute (file, attribute); + if (!res) + return 0; + } + + res = NTReadEA (file, ".UNIXATTR", (char *) attribute, sizeof (*attribute)); + // symlinks are anything for everyone! if ((*attribute & S_IFLNK) == S_IFLNK) *attribute |= S_IRWXU | S_IRWXG | S_IRWXO; - if (!use_ntsec || !allow_ntsec) - { - if (res > 0) - return 0; - set_errno (ENOSYS); - return -1; - } - - return get_nt_attribute (file, attribute); + if (res > 0) + return 0; + set_errno (ENOSYS); + return -1; } PSECURITY_DESCRIPTOR @@ -678,12 +681,22 @@ alloc_sd (uid_t uid, gid_t gid, int attr DWORD access = STANDARD_RIGHTS_ALL; + /* + * VTX bit may only be set if executable for `other' is set. + * For correct handling under WinNT, FILE_DELETE_CHILD has to + * be (un)set in each ACE. + */ + if (! (attribute & S_IXOTH)) + attribute &= ~S_ISVTX; + if (attribute & S_IRUSR) access |= FILE_GENERIC_READ | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA; if (attribute & S_IWUSR) - access |= FILE_GENERIC_WRITE | DELETE | FILE_DELETE_CHILD; + access |= FILE_GENERIC_WRITE | DELETE; if (attribute & S_IXUSR) access |= FILE_GENERIC_EXECUTE; + if (! (attribute & S_ISVTX)) + access |= FILE_DELETE_CHILD; if (! AddAccessAllowedAce (acl, ACL_REVISION, access, owner_sid)) debug_printf ("AddAccessAllowedAce(owner) %E"); if (GetAce(acl, 0, (PVOID *) &ace)) 
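Review bot: With ntsec enabled, a non-zero return from `get_nt_attribute` in get_file_attribute still falls through to `NTReadEA`, so the `.UNIXATTR` extended attribute is consulted even though the description says ntea is only used when ntsec is not allowed. On that path `*attribute` may already have been partly modified by the failed ACL read (the get_nt_attribute context in the first hunk shows it OR-ing bits in), and the final `set_errno (ENOSYS)` replaces whatever error the ACL read reported. If no fallback is intended, `if (use_ntsec && allow_ntsec) return get_nt_attribute (file, attribute);` keeps the two sources apart. If it is intended, a comment such as `// ACL could not be read: fall back to the .UNIXATTR EA` should say so, and `*attribute` should be reset before the EA read. The start of the function is outside the hunk.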
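Review bot: `FILE_DELETE_CHILD` is now added to the owner ACE whenever `S_ISVTX` is clear, no longer only under `S_IWUSR`, and the group and world ACEs in the two following alloc_sd hunks get the same unconditional test. Because the new block at the top also clears `S_ISVTX` whenever `S_IXOTH` is missing, a directory created with a mode such as 0700 or 0555 would, as far as these hunks show, carry delete-child rights for group and everyone, which on NT allows removing entries without write access to the directory. Tying the right to the matching write bit keeps the sticky handling without widening access: `if ((attribute & S_IWUSR) && ! (attribute & S_ISVTX)) access |= FILE_DELETE_CHILD;`, and likewise with `S_IWGRP` and `S_IWOTH`. The reverse mapping in get_nt_attribute, which sets `S_ISVTX` when an ACE lacks the bit, would then need to look only at ACEs that grant write. alloc_sd starts and ends outside these hunks, so the initial value of `access` for the group and world ACEs is not visible.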
@@ -710,10 +723,11 @@ alloc_sd (uid_t uid, gid_t gid, int attr if (attribute & S_IRGRP) access |= FILE_GENERIC_READ; if (attribute & S_IWGRP) - access |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE - | DELETE | FILE_DELETE_CHILD; + access |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE | DELETE; if (attribute & S_IXGRP) access |= FILE_GENERIC_EXECUTE; + if (! (attribute & S_ISVTX)) + access |= FILE_DELETE_CHILD; if (! AddAccessAllowedAce (acl, ACL_REVISION, access, group_sid)) debug_printf ("AddAccessAllowedAce(group) %E"); if (GetAce(acl, 1 + ace_off, (PVOID *) &ace)) @@ -726,15 +740,11 @@ alloc_sd (uid_t uid, gid_t gid, int attr if (attribute & S_IROTH) access |= FILE_GENERIC_READ; if (attribute & S_IWOTH) - { - access |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE | DELETE; - // sticky bit for directories according to linux rules - // no sense for files but who cares? - if (! (attribute & S_ISVTX)) - access |= FILE_DELETE_CHILD; - } + access |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE | DELETE; if (attribute & S_IXOTH) access |= FILE_GENERIC_EXECUTE; + if (! (attribute & S_ISVTX)) + access |= FILE_DELETE_CHILD; if (! AddAccessAllowedAce (acl, ACL_REVISION, access, get_world_sid ())) debug_printf ("AddAccessAllowedAce(world) %E"); Index: syscalls.cc =================================================================== RCS file: /src/cvsroot/winsup-990916/syscalls.cc,v retrieving revision 1.2 diff -u -p -r1.2 syscalls.cc --- syscalls.cc 1999/09/30 14:10:44 1.2 +++ syscalls.cc 1999/10/01 08:25:31 @@ -90,8 +90,7 @@ _unlink (const char *ourname) /* If we get ERROR_SHARING_VIOLATION, the file may still be open - Windows NT doesn't support deleting a file while it's open. */ - if (res == ERROR_SHARING_VIOLATION - || res == ERROR_ACCESS_DENIED) + if (res == ERROR_SHARING_VIOLATION) { cygwin_shared->delqueue.queue_file (win32_name.get_win32 ()); res = 0; --------------DF624562A8A7FABAFF6989FE--
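Review bot: The comment above the test in _unlink still explains only `ERROR_SHARING_VIOLATION`, and nothing records why `ERROR_ACCESS_DENIED` is now left out of the delqueue. DeleteFile reports that code for more than missing permissions (a read-only file or a file mapped as a running image, for example), so those cases now take whatever path follows this block, which is outside the hunk. A line such as `/* ERROR_ACCESS_DENIED is not queued: a permission failure will not clear later, and reporting success would hide it. */` would document the decision. It is also worth confirming that the remaining code maps the error to EACCES rather than returning success.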