* security.cc (alloc_sd): Fix erroneous inheritence entry duplication.
This commit is contained in:
Corinna Vinschen
@@ -1,3 +1,7 @@
|
|||||||
|
2010-12-15 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
|
* security.cc (alloc_sd): Fix erroneous inheritence entry duplication.
|
||||||
|
|
||||||
2010-12-12 Corinna Vinschen <corinna@vinschen.de>
|
2010-12-12 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
* syscalls.cc (check_dir_not_empty): Never count more than 3 directory
|
* syscalls.cc (check_dir_not_empty): Never count more than 3 directory
|
||||||
|
|||||||
@@ -648,8 +648,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
|
|||||||
if ((ace_sid == cur_owner_sid)
|
if ((ace_sid == cur_owner_sid)
|
||||||
|| (ace_sid == owner_sid)
|
|| (ace_sid == owner_sid)
|
||||||
|| (ace_sid == cur_group_sid)
|
|| (ace_sid == cur_group_sid)
|
||||||
|| (ace_sid == group_sid)
|
|| (ace_sid == group_sid))
|
||||||
|| (ace_sid == well_known_world_sid))
|
|
||||||
{
|
{
|
||||||
if (ace->Header.AceFlags
|
if (ace->Header.AceFlags
|
||||||
& (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE))
|
& (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE))
|
||||||
@@ -657,7 +656,11 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
|
|||||||
else
|
else
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
else if (attribute & S_JUSTCREATED)
|
else if ((ace_sid == well_known_creator_owner_sid)
|
||||||
|
|| (ace_sid == well_known_creator_group_sid)
|
||||||
|
|| (ace_sid == well_known_world_sid))
|
||||||
|
continue;
|
||||||
|
if (attribute & S_JUSTCREATED)
|
||||||
{
|
{
|
||||||
/* Since files and dirs are created with a NULL descriptor,
|
/* Since files and dirs are created with a NULL descriptor,
|
||||||
inheritence rules kick in. If no inheritable entries exist
|
inheritence rules kick in. If no inheritable entries exist
|
||||||
|
|||||||
Reference in New Issue
Block a user