* security.cc (alloc_sd): Fix comment style. Remove code unused for

years.
Corinna Vinschen 2015-02-25 11:40:34 +00:00
parent 6db8557026
commit a1cb13411d
2 changed files with 8 additions and 26 deletions


@ -1,3 +1,8 @@
2015-02-25 Corinna Vinschen <corinna@vinschen.de>
* security.cc (alloc_sd): Fix comment style. Remove code unused for
years.
2015-02-25 Corinna Vinschen <corinna@vinschen.de> 2015-02-25 Corinna Vinschen <corinna@vinschen.de>
* security.cc (alloc_sd): Add temporary workaround which disallows * security.cc (alloc_sd): Add temporary workaround which disallows


@ -785,11 +785,9 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
disallow any secondary ACE in the ACL more permissions than disallow any secondary ACE in the ACL more permissions than
the primary group when writing a new ACL via chmod. */ the primary group when writing a new ACL via chmod. */
ace->Mask &= group_allow; ace->Mask &= group_allow;
/* /* Add unrelated ACCESS_DENIED_ACE to the beginning but behind
* Add unrelated ACCESS_DENIED_ACE to the beginning but the owner_deny, ACCESS_ALLOWED_ACE to the end. FIXME: this
* behind the owner_deny, ACCESS_ALLOWED_ACE to the end. would break the order of the inherit-only ACEs. */
* FIXME: this would break the order of the inherit-only ACEs
*/
status = RtlAddAce (acl, ACL_REVISION, status = RtlAddAce (acl, ACL_REVISION,
ace->Header.AceType == ACCESS_DENIED_ACE_TYPE ace->Header.AceType == ACCESS_DENIED_ACE_TYPE
? (owner_deny ? 1 : 0) : MAXDWORD, ? (owner_deny ? 1 : 0) : MAXDWORD,
@ -810,32 +808,11 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
{ {
const DWORD inherit = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE const DWORD inherit = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE
| INHERIT_ONLY_ACE; | INHERIT_ONLY_ACE;
#if 0 /* FIXME: Not done currently as this breaks the canonical order */
/* Set deny ACE for owner. */
if (owner_deny
&& !add_access_denied_ace (acl, ace_off++, owner_deny,
well_known_creator_owner_sid, acl_len, inherit))
return NULL;
/* Set deny ACE for group here to respect the canonical order,
if this does not impact owner */
if (group_deny && !(group_deny & owner_allow)
&& !add_access_denied_ace (acl, ace_off++, group_deny,
well_known_creator_group_sid, acl_len, inherit))
return NULL;
#endif
/* Set allow ACE for owner. */ /* Set allow ACE for owner. */
if (!add_access_allowed_ace (acl, ace_off++, owner_allow, if (!add_access_allowed_ace (acl, ace_off++, owner_allow,
well_known_creator_owner_sid, acl_len, well_known_creator_owner_sid, acl_len,
inherit)) inherit))
return NULL; return NULL;
#if 0 /* FIXME: Not done currently as this breaks the canonical order and
won't be preserved on chown and chmod */
/* Set deny ACE for group, conflicting with owner_allow. */
if (group_deny & owner_allow
&& !add_access_denied_ace (acl, ace_off++, group_deny,
well_known_creator_group_sid, acl_len, inherit))
return NULL;
#endif
/* Set allow ACE for group. */ /* Set allow ACE for group. */
if (!add_access_allowed_ace (acl, ace_off++, group_allow, if (!add_access_allowed_ace (acl, ace_off++, group_allow,
well_known_creator_group_sid, acl_len, well_known_creator_group_sid, acl_len,
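Review bot: With the two `#if 0` blocks removed from the inheritable-ACE section in the second hunk, nothing in the source records that deny ACEs for `well_known_creator_owner_sid` and `well_known_creator_group_sid` are left out on purpose. The deleted FIXMEs gave the reason (they would break the canonical ACE order and would not be preserved on chown and chmod), which is what a later reader auditing inherited permissions will look for. I would keep a short comment ahead of the owner allow ACE, for example `/* No inheritable deny ACEs for CREATOR OWNER/GROUP on purpose: they would break the canonical ACE order and not survive chown/chmod. */`. If I read the block correctly, the inherited entries can then grant more than the POSIX mode implies whenever `owner_deny` or `group_deny` is non-zero, and that consequence is worth stating in the same comment. alloc_sd begins and ends outside both hunks, so this is based only on the lines shown.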