* sec_acl.cc (set_posix_access): Apply mask only in terms of execute bit
for SYSTEM and Admins group.
* getfacl.c (main): Special-case SYSTEM and Admins group. Add comments.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The inline list of mount options seemed redundant, so the paragraph now points
to the list below it.
List of executable extensions updated according to fhandler_disk_file.cc. List
of executable magic numbers updated according to path.h (has_exec_chars).
* pathnames.xml: Fix inconsistencies in docs regarding fstab and
executable file detection
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and
GROUP entries if they are the same as USER_OBJ or GROUP_OBJ.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* fhandler.h (fhandler_pty_slave::facl): Add prototype.
* fhandler_tty.cc (fhandler_pty_slave::facl): New method.
(fhandler_pty_slave::fchown): Fix uid/gid handling.
* sec_acl.cc (set_posix_access): Drop superfluous class_idx variable.
Simplify and move around code in a few places. To improve ACL
readability, add r/w permissions to Admins ACE appended to pty ACL.
Add comment to explain Windows ACE Mask filtering being in the way of
creating a real CLASS_OBJ.
(get_posix_access): Fake CLASS_OBJ for ptys. Explain why.
* security.cc (get_object_attribute): Add S_IFCHR flag to attributes
when calling get_posix_access.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* sec_acl.cc (set_posix_access): Move merging group perms into owner
perms in case of owner == group after mask has been computed. Take
mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly
set GROUP_OBJ and CLASS_OBJ perms to new group perms. Add comment
to explain why.
* security.cc (set_created_file_access): Ditto.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* sec_acl.cc (set_posix_access): Replace previous patch. Return
EINVAL if uid and/or guid is invalid and not backed by an actual
Windows account.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* setfacl.c: Align more to Linux tool.
(delacl): New function to delete acl entries only.
(modacl): Drop delete functionality. Add handling of recomputing the
mask and default mask values.
(delallacl): Rename from delacl.
(setfacl): Call delacl in Delete case. Call delallacl in DeleteAll
and DeleteDef case.
(usage): Accommodate new options. Rearrange and rephrase slightly.
(longopts): Emit 'x' in --delete case. Add --no-mask and --mask
options.
(opts): Add -x and -n options.
(main): Handle -d and -x the same. Handle -n and --mask options.
Drop handling for -r option.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
CLASS_OBJ mask on old-style ACLs. Fix a comment.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* sec_acl.cc (set_posix_access): Always make sure Admins have
WRITE_DAC and WRITE_OWNER permissions.
* security.h (create_object_sd_from_attribute): Drop handle parameter
from prototype.
* security.cc (create_object_sd_from_attribute): Drop handle parameter.
Just create the standard POSIXy security descriptor.
(set_object_attribute): Accommodate dropped paramter in call to
create_object_sd_from_attribute.
* fhandler_tty.cc: Ditto, throughout.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* shm.cc (shmget): Fetch segment size from server rather than using
size argument to accommodate existing segments. Add comment to explain
why.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* include/cygwin/version.h (CYGWIN_VERSION_DLL_MAJOR): Bump to 2000.
(CYGWIN_VERSION_DLL_MINOR): Set to 0.
* new-features.xml (ov-new2.0): Rename from ov-new1.7.36 and change
version number to 2.0.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* exceptions.cc (call_signal_handler): Only bother to construct
the ucontext for signal handlers with SA_SIGINFO set. Set
mcontext.oldmask.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
* exceptions.cc (call_signal_handler): Zero initialize context and set
context flags, as RlCaptureContext doesn't.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
* fhandler.cc (fhandler_base::open_with_arch): Call open with mode
not umasked.
(fhandler_base::open): Explicitely umask mode on NFS here. Call new
set_created_file_access rather than set_file_attribute.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Reimplement
setting permissions on filesystems supporting ACLs using the new
set_posix_access call.
(fhandler_disk_file::fchown): Ditto.
(fhandler_disk_file::mkdir): Call new set_created_file_access rather
than set_file_attribute.
* fhandler_socket.cc (fhandler_socket::bind): Don't umask here. Add
WRITE_OWNER access to allow writing group in case of SGID bit set.
Call new set_created_file_access rather than set_file_attribute.
* path.cc (symlink_worker): Call new set_created_file_access rather
than set_file_attribute.
* sec_acl.cc (searchace): Un-staticize.
(set_posix_access): New, complementary functionality to
get_posix_access.
(setacl): Implement in terms of get_posix_access/set_posix_access.
(get_posix_access): Add handling for just created files requiring
their first Cygwin ACL. Fix new_style recognition. Handle SGID
bit. For old-style ACLs, ignore SYSTEM and Administrators when
computing the {DEF_}CLASS_OBJ perms.
* security.cc (get_file_sd): Revamp comment. Change and (hopefully)
speed up inheritance processing for just created files.
(alloc_sd): Remove.
(set_security_attribute): Call set_posix_access instead of alloc_sd.
(get_object_attribute): Fix return value.
(create_object_sd_from_attribute): Call set_posix_access instead of
alloc_sd.
(set_file_attribute): Remove.
(set_created_file_access): New function implemented in terms of
get_posix_access/set_posix_access.
* security.h (set_file_attribute): Remove prototype.
(set_created_file_access): Add prototype.
(searchace): Ditto.
(set_posix_access): Ditto.
* syscalls.cc (open): Call open_with_arch with mode not umasked.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* sec_acl.cc: Change preceeding comment explaining new-style ACLs.
Describe how to generate deny ACEs in more detail. Accommodate the
fact that a NULL deny ACE is used for {DEF_}CLASS_OBJ, rather than
a special Cygwin ACE. Improve further comments.
(CYG_ACE_NEW_STYLE): Define.
(get_posix_access): Change from Cygwin ACE to NULL deny ACE. Fix
CLASS_OBJ handling to generate CLASS_OBJ and DEF_CLASS_OBJ from a single
NULL deny ACE if the inheritance flags say so.
* sec_helper.cc (well_known_cygwin_sid): Remove.
* security.h (well_known_cygwin_sid): Drop declaration.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Selectively using -fomit-frame-pointer when -O is used doesn't make sense
anymore, apparently since gcc 4.6, -O implies -fomit-frame-pointer.
exceptions.cc must be compiled with -fno-omit-frame-pointer on x86, as it uses
RtlCaptureContext, which requires a frame pointer.
* Makefile.in : Remove setting -fomit-frame-pointer for compiling
various files, it is already the default. Set
-fno-omit-frame-pointer for exceptions.cc on x86.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
* fhandler_tty.cc (fhandler_pty_slave::read): Change calculation of
"readlen" not to use "bytes_in_pipe" value directly.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* faq-setup.xml: Document how Cygwin secures installation and
update against man-in-the-middle (MITM) attacks. Note that
setup embeds a public key to check the signature of setup.ini,
and that setup.ini includes SHA-512 cryptographic hashes.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
On x86_64, RtlCaptureContext() uses fxsave to save FPU/MMX/SSE state.
fxsave requires that the destination address is 16-byte aligned, or it will
fault.
CONTEXT is already annotated __attribute__ ((aligned (16))), do the same with
struct _mcontext.
Rearrange ucontext_t so that it's struct _mcontext element is also correctly
aligned.
* include/cygwin/signal.h (struct __mcontext): 16-byte align.
* include/sys/ucontext.h (ucontext_t): Ditto.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
* sec_acl.cc (CYG_ACE_ISBITS_TO_WIN): Fix typo.
(get_posix_access): Rename index variable from i to idx. Define only
once at top level.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* include/cygwin/types.h: Include sys/_stdint.h rather than stdint.h.
* include/stdint.h: Drop in favor of newlib version.
* include/inttypes.h: Ditto.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Add ucontext.h header, defining ucontext_t and mcontext_t types.
Provide sigaction sighandlers with a ucontext_t parameter, containing stack and
context information.
* include/sys/ucontext.h : New header.
* include/ucontext.h : Ditto.
* exceptions.cc (call_signal_handler): Provide ucontext_t
parameter to signal handler function.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
* external.cc (cygwin_internal): Add operation to retrieve a copy
of the EXCEPTION_RECORD from a siginfo_t *.
* include/sys/cygwin.h (cygwin_getinfo_types): Ditto.
* exception.h (cygwin_exception): Add exception_record accessor.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
* include/cygwin/signal.h : Rename struct ucontext to struct
__mcontext. Fix layout differences from the Win32 API CONTEXT
type. Remove unused member _internal. Rename member which
corresponds to ContextFlags. Add cr2 member.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Corinna Vinschen
David Macek
Jon TURNEY
Nick Clifton
Takashi Yano
David A. Wheeler
Sebastian Huber