This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Corinna, Here is a patch with a new implementation of access() using AccessCheck. Compared to the old version, the readonly attribute and the deny ace's are taken into account, and the function does not rely on /etc/passwd nor on /etc/group. It also seems to be somewhat faster. I was wondering if it would declare that all directories are x, because of the Bypass Traverse (a.k.a. Change Notify) privilege, but it doesn't. Except for that it reflects the Windows permissions perfectly. Note that the builtin "test" in ash uses access(), but /bin/test and bash don't. /> ls -l test --wx-wx---+ 1 PHumblet Users 43310 Oct 24 15:13 test* /> sh -c 'if [ -r test ]; then echo yes; else echo no; fi' yes <== CORRECT! /> bash -c 'if [ -r test ]; then echo yes; else echo no; fi' no <== WRONG /> getfacl test # file: test # owner: PHumblet # group: Users user::--x group::-wx group:Administrators:r-x <== NOT CONSIDERED BY bash mask:rwx other:--- The reason that bash and /bin/test do not use access() is that according to POSIX (but not to Cygwin), access() reflects the permissions for the real (and not effective) {u,g}ids. Thus these two programs define an eaccess() function based on stat(). It doesn't work properly on Cygwin, as shown above. However bash already uses access() when AFS is defined. Thus it would be a 1/2 line patch in bash (test.c and findcmd.c) to also use access() for Cygwin. - #if defined (AFS) + #if defined (AFS) || defined (__CYGWIN__) That would be a significant improvement, IMO. What do you think? Going off-topic, there is a strange feature in findcmd.c (file_status). If we are the owner of a file but do not have x permission, and the gid is one of our groups and has x permission, or others have x permission, then bash considers that the file is executable, although it isn't for us. /* If `others' have execute permission to the file, then so do we, since we are also `others'. */ Fortunately this interpretation is not present in the eaccess function. Finally I have two questions: 1) Is (!real_path.exists ()) a reliable indicator of file non-existence? If so, shouldn't stat take advantage of that, for disk files? Stat currently tries twice to open non-existent files. 2) I am not sure when to use LoadDLLfuncEx vs. LoadDLLfunc. Pierre 2003-02-21 Pierre Humblet <pierre dot humblet at ieee dot org> * autoload.cc (AccessCheck): Add. (DuplicateToken): Add. * security.h (check_file_access): Declare. * syscalls.cc (access): Convert path to Windows, check existence and readonly attribute. Call check_file_access instead of acl_access. * security.cc (check_file_access): Create. * sec_acl (acl_access): Delete.
Attachment:
access.diff
Description: Text document
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |