From aa9681ec3577151170907095e53febe11215b1d9 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Sun, 8 Nov 2009 10:22:28 +0000 Subject: [PATCH] * fhandler_disk_file.cc (fhandler_base::fstat_helper): Drop all "other" permissions from st_mode, if the reading the file's security descriptor failed. Explain why. --- winsup/cygwin/ChangeLog | 6 ++++++ winsup/cygwin/fhandler_disk_file.cc | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 703a3ee14..02e616606 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,9 @@ +2009-11-08 Corinna Vinschen + + * fhandler_disk_file.cc (fhandler_base::fstat_helper): Drop all "other" + permissions from st_mode, if the reading the file's security descriptor + failed. Explain why. + 2009-11-06 Corinna Vinschen * globals.cc (ro_u_scr): New R/O unicode string. diff --git a/winsup/cygwin/fhandler_disk_file.cc b/winsup/cygwin/fhandler_disk_file.cc index 44e03d31a..e57000472 100644 --- a/winsup/cygwin/fhandler_disk_file.cc +++ b/winsup/cygwin/fhandler_disk_file.cc @@ -670,6 +670,12 @@ fhandler_base::fstat_helper (struct __stat64 *buf, /* This fakes the permissions of all files to match the current umask. */ buf->st_mode &= ~(cygheap->umask); + /* If the FS supports ACLs, we're here because we couldn't even open + the file for READ_CONTROL access. Chances are high that the file's + security descriptor has no ACE for "Everyone", so we should not fake + any access for "others". */ + if (has_acls ()) + buf->st_mode &= ~(S_IROTH | S_IWOTH | S_IXOTH); } done: -- 2.43.5