From 645913109673c36cebf19d407a6e3e3a4a6288db Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Thu, 3 Sep 2015 19:29:55 +0200 Subject: [PATCH] Fix file type mode bit handling on object security. * fhandler_tty.cc (fhandler_pty_slave::open): Add S_IFCHR flag in call to create_object_sd_from_attribute. (fhandler_pty_slave::fstat): Ditto in call to get_object_attribute. (fhandler_pty_slave::fchmod): Add an orig_mode flag and ditto for both calls. (fhandler_pty_master::setup): Ditto in call to create_object_sd_from_attribute. * security.cc (get_object_attribute): Never add S_IFCHR to mode here. Let the caller decide. (create_object_sd_from_attribute): Ditto. Signed-off-by: Corinna Vinschen --- winsup/cygwin/ChangeLog | 13 +++++++++++++ winsup/cygwin/fhandler_tty.cc | 16 ++++++++++------ winsup/cygwin/security.cc | 7 +------ 3 files changed, 24 insertions(+), 12 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 690d5bc4b..f4238de66 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,16 @@ +2015-11-18 Corinna Vinschen + + * fhandler_tty.cc (fhandler_pty_slave::open): Add S_IFCHR flag + in call to create_object_sd_from_attribute. + (fhandler_pty_slave::fstat): Ditto in call to get_object_attribute. + (fhandler_pty_slave::fchmod): Add an orig_mode flag and ditto for + both calls. + (fhandler_pty_master::setup): Ditto in call to + create_object_sd_from_attribute. + * security.cc (get_object_attribute): Never add S_IFCHR to mode + here. Let the caller decide. + (create_object_sd_from_attribute): Ditto. + 2015-11-18 Corinna Vinschen * security.h (authz_get_user_attribute): Declare bool. diff --git a/winsup/cygwin/fhandler_tty.cc b/winsup/cygwin/fhandler_tty.cc index 93fb22b77..ee37ed48c 100644 --- a/winsup/cygwin/fhandler_tty.cc +++ b/winsup/cygwin/fhandler_tty.cc @@ -390,7 +390,8 @@ fhandler_pty_slave::open (int flags, mode_t) RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE }; if (!create_object_sd_from_attribute (myself->uid, myself->gid, - S_IRUSR | S_IWUSR | S_IWGRP, sd)) + S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP, + sd)) sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR) sd; acquire_output_mutex (INFINITE); inuse = get_ttyp ()->create_inuse (&sa); @@ -1034,6 +1035,7 @@ fhandler_pty_slave::fstat (struct stat *st) if (input_available_event) to_close = true; } + st->st_mode = S_IFCHR; if (!input_available_event || get_object_attribute (input_available_event, &st->st_uid, &st->st_gid, &st->st_mode)) @@ -1167,6 +1169,7 @@ fhandler_pty_slave::fchmod (mode_t mode) security_descriptor sd; uid_t uid; gid_t gid; + mode_t orig_mode = S_IFCHR; if (!input_available_event) { @@ -1176,8 +1179,8 @@ fhandler_pty_slave::fchmod (mode_t mode) } sd.malloc (sizeof (SECURITY_DESCRIPTOR)); RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); - if (!get_object_attribute (input_available_event, &uid, &gid, NULL) - && !create_object_sd_from_attribute (uid, gid, mode, sd)) + if (!get_object_attribute (input_available_event, &uid, &gid, &orig_mode) + && !create_object_sd_from_attribute (uid, gid, S_IFCHR | mode, sd)) ret = fch_set_sd (sd, false); errout: if (to_close) @@ -1190,10 +1193,10 @@ fhandler_pty_slave::fchown (uid_t uid, gid_t gid) { int ret = -1; bool to_close = false; - mode_t mode = 0; + security_descriptor sd; uid_t o_uid; gid_t o_gid; - security_descriptor sd; + mode_t mode = S_IFCHR; if (uid == ILLEGAL_UID && gid == ILLEGAL_GID) return 0; @@ -1754,7 +1757,8 @@ fhandler_pty_master::setup () sd.malloc (sizeof (SECURITY_DESCRIPTOR)); RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); if (!create_object_sd_from_attribute (myself->uid, myself->gid, - S_IRUSR | S_IWUSR | S_IWGRP, sd)) + S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP, + sd)) sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR) sd; /* Carefully check that the input_available_event didn't already exist. diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index ac25d71c4..4e02bca2e 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -401,14 +401,9 @@ get_object_attribute (HANDLE handle, uid_t *uidret, gid_t *gidret, mode_t *attribute) { security_descriptor sd; - mode_t attr = S_IFCHR; if (get_object_sd (handle, sd)) return -1; - if (attribute) - *attribute |= S_IFCHR; - else - attribute = &attr; return get_posix_access (sd, attribute, uidret, gidret, NULL, 0) >= 0 ? 0 : -1; } @@ -417,7 +412,7 @@ int create_object_sd_from_attribute (uid_t uid, gid_t gid, mode_t attribute, security_descriptor &sd) { - return set_posix_access (S_IFCHR | attribute, uid, gid, NULL, 0, sd, false) + return set_posix_access (attribute, uid, gid, NULL, 0, sd, false) ? 0 : -1; }