[newlib-cygwin] Fix file type mode bit handling on object security.
Corinna Vinschen
corinna@sourceware.org
Wed Nov 18 22:12:00 GMT 2015
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=645913109673c36cebf19d407a6e3e3a4a6288db
commit 645913109673c36cebf19d407a6e3e3a4a6288db
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Thu Sep 3 19:29:55 2015 +0200
Fix file type mode bit handling on object security.
* fhandler_tty.cc (fhandler_pty_slave::open): Add S_IFCHR flag
in call to create_object_sd_from_attribute.
(fhandler_pty_slave::fstat): Ditto in call to get_object_attribute.
(fhandler_pty_slave::fchmod): Add an orig_mode flag and ditto for
both calls.
(fhandler_pty_master::setup): Ditto in call to
create_object_sd_from_attribute.
* security.cc (get_object_attribute): Never add S_IFCHR to mode
here. Let the caller decide.
(create_object_sd_from_attribute): Ditto.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/cygwin/ChangeLog | 13 +++++++++++++
winsup/cygwin/fhandler_tty.cc | 16 ++++++++++------
winsup/cygwin/security.cc | 7 +------
3 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 690d5bc..f4238de 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,18 @@
2015-11-18 Corinna Vinschen <corinna@vinschen.de>
+ * fhandler_tty.cc (fhandler_pty_slave::open): Add S_IFCHR flag
+ in call to create_object_sd_from_attribute.
+ (fhandler_pty_slave::fstat): Ditto in call to get_object_attribute.
+ (fhandler_pty_slave::fchmod): Add an orig_mode flag and ditto for
+ both calls.
+ (fhandler_pty_master::setup): Ditto in call to
+ create_object_sd_from_attribute.
+ * security.cc (get_object_attribute): Never add S_IFCHR to mode
+ here. Let the caller decide.
+ (create_object_sd_from_attribute): Ditto.
+
+2015-11-18 Corinna Vinschen <corinna@vinschen.de>
+
* security.h (authz_get_user_attribute): Declare bool.
* sec_helper.cc (authz_ctx::get_user_attribute): Make bool method.
Set S_IxOTH bits in returned attributes rather than S_IxUSR bits.
diff --git a/winsup/cygwin/fhandler_tty.cc b/winsup/cygwin/fhandler_tty.cc
index 93fb22b..ee37ed4 100644
--- a/winsup/cygwin/fhandler_tty.cc
+++ b/winsup/cygwin/fhandler_tty.cc
@@ -390,7 +390,8 @@ fhandler_pty_slave::open (int flags, mode_t)
RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE };
if (!create_object_sd_from_attribute (myself->uid, myself->gid,
- S_IRUSR | S_IWUSR | S_IWGRP, sd))
+ S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP,
+ sd))
sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR) sd;
acquire_output_mutex (INFINITE);
inuse = get_ttyp ()->create_inuse (&sa);
@@ -1034,6 +1035,7 @@ fhandler_pty_slave::fstat (struct stat *st)
if (input_available_event)
to_close = true;
}
+ st->st_mode = S_IFCHR;
if (!input_available_event
|| get_object_attribute (input_available_event, &st->st_uid, &st->st_gid,
&st->st_mode))
@@ -1167,6 +1169,7 @@ fhandler_pty_slave::fchmod (mode_t mode)
security_descriptor sd;
uid_t uid;
gid_t gid;
+ mode_t orig_mode = S_IFCHR;
if (!input_available_event)
{
@@ -1176,8 +1179,8 @@ fhandler_pty_slave::fchmod (mode_t mode)
}
sd.malloc (sizeof (SECURITY_DESCRIPTOR));
RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
- if (!get_object_attribute (input_available_event, &uid, &gid, NULL)
- && !create_object_sd_from_attribute (uid, gid, mode, sd))
+ if (!get_object_attribute (input_available_event, &uid, &gid, &orig_mode)
+ && !create_object_sd_from_attribute (uid, gid, S_IFCHR | mode, sd))
ret = fch_set_sd (sd, false);
errout:
if (to_close)
@@ -1190,10 +1193,10 @@ fhandler_pty_slave::fchown (uid_t uid, gid_t gid)
{
int ret = -1;
bool to_close = false;
- mode_t mode = 0;
+ security_descriptor sd;
uid_t o_uid;
gid_t o_gid;
- security_descriptor sd;
+ mode_t mode = S_IFCHR;
if (uid == ILLEGAL_UID && gid == ILLEGAL_GID)
return 0;
@@ -1754,7 +1757,8 @@ fhandler_pty_master::setup ()
sd.malloc (sizeof (SECURITY_DESCRIPTOR));
RtlCreateSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION);
if (!create_object_sd_from_attribute (myself->uid, myself->gid,
- S_IRUSR | S_IWUSR | S_IWGRP, sd))
+ S_IFCHR | S_IRUSR | S_IWUSR | S_IWGRP,
+ sd))
sa.lpSecurityDescriptor = (PSECURITY_DESCRIPTOR) sd;
/* Carefully check that the input_available_event didn't already exist.
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index ac25d71..4e02bca 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -401,14 +401,9 @@ get_object_attribute (HANDLE handle, uid_t *uidret, gid_t *gidret,
mode_t *attribute)
{
security_descriptor sd;
- mode_t attr = S_IFCHR;
if (get_object_sd (handle, sd))
return -1;
- if (attribute)
- *attribute |= S_IFCHR;
- else
- attribute = &attr;
return get_posix_access (sd, attribute, uidret, gidret, NULL, 0)
>= 0 ? 0 : -1;
}
@@ -417,7 +412,7 @@ int
create_object_sd_from_attribute (uid_t uid, gid_t gid, mode_t attribute,
security_descriptor &sd)
{
- return set_posix_access (S_IFCHR | attribute, uid, gid, NULL, 0, sd, false)
+ return set_posix_access (attribute, uid, gid, NULL, 0, sd, false)
? 0 : -1;
}
More information about the Cygwin-cvs
mailing list