* fhandler_disk_file.cc (fhandler_base::fstat_helper): Drop all "other"

	permissions from st_mode, if the reading the file's security descriptor
	failed.  Explain why.

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 703a3ee14a56fb77caa09560eaf38fbba527b169..02e6166065e2a68af4b4e2b24eef8b1e28b5a785 100644 (file)
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,9 @@
+2009-11-08  Corinna Vinschen  <corinna@vinschen.de>
+
+       * fhandler_disk_file.cc (fhandler_base::fstat_helper): Drop all "other"
+       permissions from st_mode, if the reading the file's security descriptor
+       failed.  Explain why.
+
 2009-11-06  Corinna Vinschen  <corinna@vinschen.de>
 
        * globals.cc (ro_u_scr): New R/O unicode string.

diff --git a/winsup/cygwin/fhandler_disk_file.cc b/winsup/cygwin/fhandler_disk_file.cc
index 44e03d31a2829623d3f6a6e0da26c3cd5f3cc55e..e5700047277518705abf0cb91d226bd9a2269712 100644 (file)
--- a/winsup/cygwin/fhandler_disk_file.cc
+++ b/winsup/cygwin/fhandler_disk_file.cc
@@ -670,6 +670,12 @@ fhandler_base::fstat_helper (struct __stat64 *buf,
 
       /* This fakes the permissions of all files to match the current umask. */
       buf->st_mode &= ~(cygheap->umask);
+      /* If the FS supports ACLs, we're here because we couldn't even open
+        the file for READ_CONTROL access.  Chances are high that the file's
+        security descriptor has no ACE for "Everyone", so we should not fake
+        any access for "others". */
+      if (has_acls ())
+       buf->st_mode &= ~(S_IROTH | S_IWOTH | S_IXOTH);
     }
 
  done: