Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Date: Tue, 4 Feb 2003 18:31:53 +0100
From: Corinna Vinschen <vinschen AT redhat DOT com>
To: cygwin-developers AT cygwin DOT com
Subject: [Bob DOT Burger AT sagian DOT com: 1.3.19: Everyone has write access to .lnk symbolic link files]
Message-ID: <20030204173153.GH5822@cygbert.vinschen.de>
Reply-To: cygwin-developers AT cygwin DOT com
Mail-Followup-To: cygwin-developers AT cygwin DOT com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i

Hi,

----- Forwarded message from Bob DOT Burger AT sagian DOT com -----
Date: Tue, 4 Feb 2003 11:48:55 -0500 
From: Bob DOT Burger AT sagian DOT com
Subject: 1.3.19: Everyone has write access to .lnk symbolic link files
To: cygwin AT cygwin DOT com

The DACL of symbolic link files created by "ln -s" on NTFS partitions gives
Everyone write access to the .lnk file.
[...]
----- End forwarded message -----

it's a valid point to complain about this.  Currently symlinks get the
attributes "rwxrwxrwx" which allows everyone to remove or modify the symlink.
According to the behaviour on Linux, the symlink should always have
permissions like "rw-r--r--" and only stat() returns "rwxrwxrwx".  The
change is very easy

  Index: security.cc
  ===================================================================
  RCS file: /cvs/src/src/winsup/cygwin/security.cc,v
  retrieving revision 1.133
  diff -u -p -r1.133 security.cc
  --- security.cc 3 Feb 2003 15:55:19 -0000       1.133
  +++ security.cc 4 Feb 2003 17:30:18 -0000
  @@ -1855,7 +1855,7 @@ set_security_attribute (int attribute, P
   {
     /* symlinks are anything for everyone! */
     if ((attribute & S_IFLNK) == S_IFLNK)
  -    attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
  +    attribute = STD_RBITS | STD_WBITS;
   
     psa->lpSecurityDescriptor = sd_buf;
     InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR) sd_buf,

and I actually doubt that it will negatively affect Cygwin but I'm not
100% sure if I'm missing something.

What do you think?

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.