JehanneOS
/
newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix file type mode bit handling on object security. 

* fhandler_tty.cc (fhandler_pty_slave::open): Add S_IFCHR flag
	in call to create_object_sd_from_attribute.
	(fhandler_pty_slave::fstat): Ditto in call to get_object_attribute.
	(fhandler_pty_slave::fchmod): Add an orig_mode flag and ditto for
	both calls.
	(fhandler_pty_master::setup): Ditto in call to
	create_object_sd_from_attribute.
	* security.cc (get_object_attribute): Never add S_IFCHR to mode
	here.  Let the caller decide.
	(create_object_sd_from_attribute): Ditto.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2015-09-03 19:29:55 +02:00
parent 4dc3deea89
commit 6459131096
3 changed files with 24 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,16 @@
2015-11-18 Corinna Vinschen <corinna@vinschen.de>
* fhandler_tty.cc (fhandler_pty_slave::open): Add S_IFCHR flag
in call to create_object_sd_from_attribute.
(fhandler_pty_slave::fstat): Ditto in call to get_object_attribute.
(fhandler_pty_slave::fchmod): Add an orig_mode flag and ditto for
both calls.
(fhandler_pty_master::setup): Ditto in call to
create_object_sd_from_attribute.
* security.cc (get_object_attribute): Never add S_IFCHR to mode
here. Let the caller decide.
(create_object_sd_from_attribute): Ditto.
2015-11-18 Corinna Vinschen <corinna@vinschen.de> 2015-11-18 Corinna Vinschen <corinna@vinschen.de>
* security.h (authz_get_user_attribute): Declare bool. * security.h (authz_get_user_attribute): Declare bool.

16
winsup/cygwin/fhandler_tty.cc
View File

@ -390,7 +390,8 @@ fhandler_pty_slave::open (int flags, mode_t)
RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE }; SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE };
if (!create_object_sd_from_attribute (myself->uid, myself->gid, if (!create_object_sd_from_attribute (myself->uid, myself->gid,
S_IRUSR | S_IWUSR | S_IWGRP, sd)) S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP,
sd))
sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR) sd; sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR) sd;
acquire_output_mutex (INFINITE); acquire_output_mutex (INFINITE);
inuse = get_ttyp ()->create_inuse (&sa); inuse = get_ttyp ()->create_inuse (&sa);
@ -1034,6 +1035,7 @@ fhandler_pty_slave::fstat (struct stat *st)
if (input_available_event) if (input_available_event)
to_close = true; to_close = true;
} }
st->st_mode = S_IFCHR;
if (!input_available_event if (!input_available_event
|| get_object_attribute (input_available_event, &st->st_uid, &st->st_gid, || get_object_attribute (input_available_event, &st->st_uid, &st->st_gid,
&st->st_mode)) &st->st_mode))
@ -1167,6 +1169,7 @@ fhandler_pty_slave::fchmod (mode_t mode)
security_descriptor sd; security_descriptor sd;
uid_t uid; uid_t uid;
gid_t gid; gid_t gid;
mode_t orig_mode = S_IFCHR;
if (!input_available_event) if (!input_available_event)
{ {
@ -1176,8 +1179,8 @@ fhandler_pty_slave::fchmod (mode_t mode)
} }
sd.malloc (sizeof (SECURITY_DESCRIPTOR)); sd.malloc (sizeof (SECURITY_DESCRIPTOR));
RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
if (!get_object_attribute (input_available_event, &uid, &gid, NULL) if (!get_object_attribute (input_available_event, &uid, &gid, &orig_mode)
&& !create_object_sd_from_attribute (uid, gid, mode, sd)) && !create_object_sd_from_attribute (uid, gid, S_IFCHR | mode, sd))
ret = fch_set_sd (sd, false); ret = fch_set_sd (sd, false);
errout: errout:
if (to_close) if (to_close)
@ -1190,10 +1193,10 @@ fhandler_pty_slave::fchown (uid_t uid, gid_t gid)
{ {
int ret = -1; int ret = -1;
bool to_close = false; bool to_close = false;
mode_t mode = 0; security_descriptor sd;
uid_t o_uid; uid_t o_uid;
gid_t o_gid; gid_t o_gid;
security_descriptor sd; mode_t mode = S_IFCHR;
if (uid == ILLEGAL_UID && gid == ILLEGAL_GID) if (uid == ILLEGAL_UID && gid == ILLEGAL_GID)
return 0; return 0;
@ -1754,7 +1757,8 @@ fhandler_pty_master::setup ()
sd.malloc (sizeof (SECURITY_DESCRIPTOR)); sd.malloc (sizeof (SECURITY_DESCRIPTOR));
RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION); RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
if (!create_object_sd_from_attribute (myself->uid, myself->gid, if (!create_object_sd_from_attribute (myself->uid, myself->gid,
S_IRUSR | S_IWUSR | S_IWGRP, sd)) S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP,
sd))
sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR) sd; sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR) sd;
/* Carefully check that the input_available_event didn't already exist. /* Carefully check that the input_available_event didn't already exist.

7
winsup/cygwin/security.cc
View File

@ -401,14 +401,9 @@ get_object_attribute (HANDLE handle, uid_t *uidret, gid_t *gidret,
mode_t *attribute) mode_t *attribute)
{ {
security_descriptor sd; security_descriptor sd;
mode_t attr = S_IFCHR;
if (get_object_sd (handle, sd)) if (get_object_sd (handle, sd))
return -1; return -1;
if (attribute)
*attribute |= S_IFCHR;
else
attribute = &attr;
return get_posix_access (sd, attribute, uidret, gidret, NULL, 0) return get_posix_access (sd, attribute, uidret, gidret, NULL, 0)
>= 0 ? 0 : -1; >= 0 ? 0 : -1;
} }
@ -417,7 +412,7 @@ int
create_object_sd_from_attribute (uid_t uid, gid_t gid, mode_t attribute, create_object_sd_from_attribute (uid_t uid, gid_t gid, mode_t attribute,
security_descriptor &sd) security_descriptor &sd)
{ {
return set_posix_access (S_IFCHR | attribute, uid, gid, NULL, 0, sd, false) return set_posix_access (attribute, uid, gid, NULL, 0, sd, false)
? 0 : -1; ? 0 : -1;
} }