From 90e006a63dd9594c5d05b7251e27d16bceab3cac Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Tue, 10 Nov 2015 10:00:33 +0100
Subject: [PATCH] get_posix_access: Skip merging permissions if user can't get more permissions

* sec_acl.cc (get_posix_access): Skip merging permissions if current user has rwx permissions anywa, or if the sum of all group and other permissions is less than or equal to the user's permissions.

Signed-off-by: Corinna Vinschen
---
 winsup/cygwin/ChangeLog | 6 ++++++
 winsup/cygwin/sec_acl.cc | 13 +++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 449112319..49bac71e6 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,9 @@
+2015-11-18 Corinna Vinschen
+
+ * sec_acl.cc (get_posix_access): Skip merging permissions if current
+ user has rwx permissions anywa, or if the sum of all group and other
+ permissions is less than or equal to the user's permissions.
+
 2015-11-18 Corinna Vinschen
 
 * sec_acl.cc (get_posix_access): Fix computation of effective user
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index a9e1dea5f..f632410ee 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -1019,8 +1019,17 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
 {
 mode_t perm;
 
- /* If we use the Windows user DB, utilize Authz to make sure all
- user permissions are correctly reflecting the Windows
+ /* Don't merge if the user already has all permissions, or... */
+ if (lacl[idx].a_perm == S_IRWXO)
+ continue;
+ /* ...if the sum of perms is less than or equal the user's perms. */
+ perm = lacl[idx].a_perm
+ | (has_class_perm ? class_perm : lacl[1].a_perm)
+ | lacl[2].a_perm;
+ if (perm == lacl[idx].a_perm)
+ continue;
+ /* Otherwise, if we use the Windows user DB, utilize Authz to make
+ sure all user permissions are correctly reflecting the Windows
 permissions. */
 if (cygheap->pg.nss_pwd_db ()
 && authz_get_user_attribute (&perm, psd, aclsid[idx]))
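Review bot: The comment on the second shortcut describes a numeric comparison, but the code is a subset test: `perm` is the bitwise OR of the entry's bits with `class_perm` (or `lacl[1].a_perm`) and `lacl[2].a_perm`, and the `continue` is taken when that OR adds no bit. A wording such as `/* ...if the group/class and other entries add no bit the user lacks. */` would match it. The first shortcut compares with `==`, so if `a_perm` can hold any bit outside `S_IRWXO` at this point (not visible in the hunk), `if ((lacl[idx].a_perm & S_IRWXO) == S_IRWXO)` expresses the intent without relying on that. Both shortcuts are sound only if the branch that follows can add bits and never remove them; that branch and the enclosing loop lie outside the hunk, so a test with a deny ACE reaching the user through a group would confirm the reported permissions stay accurate.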