* fhandler_socket.cc (adjust_socket_file_mode): New inline function.
(fhandler_socket::fchmod): Squeeze mode through adjust_socket_file_mode before using it. (fhandler_socket::bind): Ditto.
		| @@ -1,4 +1,11 @@ | |||||||
| 007-03-19  Ryan C. Gordon  <icculus@icculus.org> | 2007-05-15  Corinna Vinschen  <corinna@vinschen.de> | ||||||
|  |  | ||||||
|  | 	* fhandler_socket.cc (adjust_socket_file_mode): New inline function. | ||||||
|  | 	(fhandler_socket::fchmod): Squeeze mode through adjust_socket_file_mode | ||||||
|  | 	before using it. | ||||||
|  | 	(fhandler_socket::bind): Ditto. | ||||||
|  |  | ||||||
|  | 2007-03-19  Ryan C. Gordon  <icculus@icculus.org> | ||||||
|  |  | ||||||
| 	* path.cc (fs_info::update): Set and use is_cdrom. | 	* path.cc (fs_info::update): Set and use is_cdrom. | ||||||
| 	* path.cc (fillout_mntent): Set ret.mnt_type to something more | 	* path.cc (fillout_mntent): Set ret.mnt_type to something more | ||||||
| @@ -10,7 +17,7 @@ | |||||||
| 	* path.h (class path_conv): Add fs_is_cdrom method.  Add missing | 	* path.h (class path_conv): Add fs_is_cdrom method.  Add missing | ||||||
| 	fs_is_netapp method. | 	fs_is_netapp method. | ||||||
|  |  | ||||||
| 007-05-14  Eric Blake  <ebb9@byu.net> | 2007-05-14  Eric Blake  <ebb9@byu.net> | ||||||
|  |  | ||||||
| 	* cygwin.din (asnprintf, dprint, _Exit, vasnprintf, vdprintf): Export. | 	* cygwin.din (asnprintf, dprint, _Exit, vasnprintf, vdprintf): Export. | ||||||
| 	* include/cygwin/version.h: Bump API minor number. | 	* include/cygwin/version.h: Bump API minor number. | ||||||
|   | |||||||
| @@ -50,6 +50,18 @@ int sscanf (const char *, const char *, ...); | |||||||
|  |  | ||||||
| fhandler_dev_random* entropy_source; | fhandler_dev_random* entropy_source; | ||||||
|  |  | ||||||
|  | static inline mode_t | ||||||
|  | adjust_socket_file_mode (mode_t mode) | ||||||
|  | { | ||||||
|  |   /* Kludge: Don't allow to remove read bit on socket files for | ||||||
|  |      user/group/other, if the accompanying write bit is set.  It would | ||||||
|  |      be nice to have exact permissions on a socket file, but it's | ||||||
|  |      necessary that somebody able to access the socket can always read | ||||||
|  |      the contents of the socket file to avoid spurious "permission | ||||||
|  |      denied" messages. */ | ||||||
|  |   return mode | ((mode & (S_IWUSR | S_IWGRP | S_IWOTH)) << 1); | ||||||
|  | } | ||||||
|  |  | ||||||
| /* cygwin internal: map sockaddr into internet domain address */ | /* cygwin internal: map sockaddr into internet domain address */ | ||||||
| static int | static int | ||||||
| get_inet_addr (const struct sockaddr *in, int inlen, | get_inet_addr (const struct sockaddr *in, int inlen, | ||||||
| @@ -687,7 +699,7 @@ fhandler_socket::fchmod (mode_t mode) | |||||||
|     { |     { | ||||||
|       fhandler_disk_file fh (pc); |       fhandler_disk_file fh (pc); | ||||||
|       fh.get_device () = FH_FS; |       fh.get_device () = FH_FS; | ||||||
|       int ret = fh.fchmod (mode); |       int ret = fh.fchmod (adjust_socket_file_mode (mode)); | ||||||
|       SetFileAttributes	(pc, GetFileAttributes (pc) | FILE_ATTRIBUTE_SYSTEM); |       SetFileAttributes	(pc, GetFileAttributes (pc) | FILE_ATTRIBUTE_SYSTEM); | ||||||
|       return ret; |       return ret; | ||||||
|     } |     } | ||||||
| @@ -799,7 +811,8 @@ fhandler_socket::bind (const struct sockaddr *name, int namelen) | |||||||
| 	  set_errno (EADDRINUSE); | 	  set_errno (EADDRINUSE); | ||||||
| 	  goto out; | 	  goto out; | ||||||
| 	} | 	} | ||||||
|       mode_t mode = (S_IRWXU | S_IRWXG | S_IRWXO) & ~cygheap->umask; |       mode_t mode = adjust_socket_file_mode ((S_IRWXU | S_IRWXG | S_IRWXO) | ||||||
|  | 					     & ~cygheap->umask); | ||||||
|       DWORD attr = FILE_ATTRIBUTE_SYSTEM; |       DWORD attr = FILE_ATTRIBUTE_SYSTEM; | ||||||
|       if (!(mode & (S_IWUSR | S_IWGRP | S_IWOTH))) |       if (!(mode & (S_IWUSR | S_IWGRP | S_IWOTH))) | ||||||
| 	attr |= FILE_ATTRIBUTE_READONLY; | 	attr |= FILE_ATTRIBUTE_READONLY; | ||||||
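Review bot: adjust_socket_file_mode widens the mode beyond what the caller supplied, and neither call site says so: in fhandler_socket::bind it runs after `& ~cygheap->umask`, so a read bit the umask cleared is put back whenever the matching write bit survives, and in fhandler_socket::fchmod the mode applied can differ from the one passed in. Because this is a deliberate permission relaxation, I would record it where it takes effect, for example `/* May re-add S_IR* bits the caller or umask cleared; see adjust_socket_file_mode. */` above both calls. The `<< 1` in the helper also relies on each S_IW* bit sitting one position below its S_IR* bit; a one-line comment stating that assumption, or explicit `if (mode & S_IWUSR) mode |= S_IRUSR;`-style lines per class, would make the mapping checkable at a glance. Both fchmod and bind start and end outside the visible hunks, so any later use of `mode` is not covered here.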
|   | |||||||