[Bob.Burger@sagian.com: 1.3.19: Everyone has write access to .lnk symbolic link files]

Corinna Vinschen vinschen@redhat.com
Tue Feb 4 17:31:00 GMT 2003


----- Forwarded message from Bob.Burger@sagian.com -----
Date: Tue, 4 Feb 2003 11:48:55 -0500 
From: Bob.Burger@sagian.com
Subject: 1.3.19: Everyone has write access to .lnk symbolic link files
To: cygwin@cygwin.com

The DACL of symbolic link files created by "ln -s" on NTFS partitions gives
Everyone write access to the .lnk file.
----- End forwarded message -----

it's a valid point to complain about this.  Currently symlinks get the
attributes "rwxrwxrwx" which allows everyone to remove or modify the symlink.
According to the behaviour on Linux, the symlink should always have
permissions like "rw-r--r--" and only stat() returns "rwxrwxrwx".  The
change is very easy

  Index: security.cc
  RCS file: /cvs/src/src/winsup/cygwin/security.cc,v
  retrieving revision 1.133
  diff -u -p -r1.133 security.cc
  --- security.cc 3 Feb 2003 15:55:19 -0000       1.133
  +++ security.cc 4 Feb 2003 17:30:18 -0000
  @@ -1855,7 +1855,7 @@ set_security_attribute (int attribute, P
     /* symlinks are anything for everyone! */
     if ((attribute & S_IFLNK) == S_IFLNK)
  -    attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
  +    attribute = STD_RBITS | STD_WBITS;
     psa->lpSecurityDescriptor = sd_buf;
     InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR) sd_buf,

and I actually doubt that it will negatively affect Cygwin but I'm not
100% sure if I'm missing something.

What do you think?


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

More information about the Cygwin-developers mailing list