Discussion:
[newlib-cygwin] Fix thinko in creating the {DEF_}CLASS_OBJ value on old-style ACLs
Eric Blake
2015-04-14 12:52:56 UTC
Permalink
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=40653522b942addc65070275c89078d15aa8b4d5
commit 40653522b942addc65070275c89078d15aa8b4d5
Date: Tue Apr 14 10:42:29 2015 +0200
Fix thinko in creating the {DEF_}CLASS_OBJ value on old-style ACLs
* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
CLASS_OBJ mask on old-style ACLs. Fix a comment.
- /* Accommodate Windows: Never add SYSTEM and Admins
- perms to CLASS_OBJ perms. */
+ /* Accommodate Windows: Never add SYSTEM and Admins to
+ CLASS_OBJ. Unless (implicitely) if they are the
s/implicitely/implicitly/
+ GROUP_OBJ entry. */
if (ace_sid != well_known_system_sid
&& ace_sid != well_known_admins_sid)
class_perm |= lacl[pos].a_perm;
@@ -774,11 +775,12 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
if (!new_style)
{
/* Fix up DEF_CLASS_OBJ value. */
- if (type & (USER | GROUP_OBJ | GROUP))
+ if (type & (USER | GROUP))
{
has_def_class_perm = true;
- /* Accommodate Windows: Never add SYSTEM and Admins
- perms to CLASS_OBJ perms. */
+ /* Accommodate Windows: Never add SYSTEM and Admins to
+ CLASS_OBJ. Unless (implicitely) if they are the
and again

(same goes for "explicitly" - not in this patch, but I've noticed you
often add the 'e' there too)
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Corinna Vinschen
2015-04-14 14:58:48 UTC
Permalink
Post by Eric Blake
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=40653522b942addc65070275c89078d15aa8b4d5
commit 40653522b942addc65070275c89078d15aa8b4d5
Date: Tue Apr 14 10:42:29 2015 +0200
Fix thinko in creating the {DEF_}CLASS_OBJ value on old-style ACLs
* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
CLASS_OBJ mask on old-style ACLs. Fix a comment.
- /* Accommodate Windows: Never add SYSTEM and Admins
- perms to CLASS_OBJ perms. */
+ /* Accommodate Windows: Never add SYSTEM and Admins to
+ CLASS_OBJ. Unless (implicitely) if they are the
s/implicitely/implicitly/
+ GROUP_OBJ entry. */
if (ace_sid != well_known_system_sid
&& ace_sid != well_known_admins_sid)
class_perm |= lacl[pos].a_perm;
@@ -774,11 +775,12 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
if (!new_style)
{
/* Fix up DEF_CLASS_OBJ value. */
- if (type & (USER | GROUP_OBJ | GROUP))
+ if (type & (USER | GROUP))
{
has_def_class_perm = true;
- /* Accommodate Windows: Never add SYSTEM and Admins
- perms to CLASS_OBJ perms. */
+ /* Accommodate Windows: Never add SYSTEM and Admins to
+ CLASS_OBJ. Unless (implicitely) if they are the
and again
(same goes for "explicitly" - not in this patch, but I've noticed you
often add the 'e' there too)
Fixed in CVS^Wgit.


Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
Loading...