Cygwin: mkdir: use correct default permissions filtered by umask

Older coreutils created directories with mode bits filtered through umask. Newer coreutils creates directories with full permissions, 0777 by default. This new coreutils behaviour uncovered the fact that default ACEs for newly created directories were not filtered by umask starting with commit bc444e5aa4ca. Fix it by applying umask on the default ACEs. Fixes: bc444e5aa4ca ("Reapply POSIX ACL change.") Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
author: Corinna Vinschen <corinna@vinschen.de> 2023-02-09 21:25:03 +0100
committer: Corinna Vinschen <corinna@vinschen.de> 2023-02-09 21:59:47 +0100
commit: 56751f7f05dca86be15642628c874ea0b2207fc6 (patch)
tree: 31b9b770188f16010a1329b3b31e83b116321539
parent: df34bd951d5cccdfee8ad6d1c658953305b5b684 (diff)
download: newlib-56751f7f05dca86be15642628c874ea0b2207fc6.zip
newlib-56751f7f05dca86be15642628c874ea0b2207fc6.tar.gz
newlib-56751f7f05dca86be15642628c874ea0b2207fc6.tar.bz2
2 files changed, 8 insertions, 3 deletions
diff --git a/winsup/cygwin/release/3.4.6 b/winsup/cygwin/release/3.4.6
index c21c44f..f9288dc 100644
--- a/winsup/cygwin/release/3.4.6
+++ b/winsup/cygwin/release/3.4.6
@@ -6,3 +6,6 @@ Addresses: https://cygwin.com/pipermail/cygwin/2023-January/252916.html
 
 Don't reject valid server and share names when mounting.
 Addresses: https://cygwin.com/pipermail/cygwin/2023-January/252928.html
+
+Create directories with correctly umask-filtered default ACEs.
+Addresses: https://cygwin.com/pipermail/cygwin/2023-February/253037.html
diff --git a/winsup/cygwin/sec/base.cc b/winsup/cygwin/sec/base.cc
index dc85ca7..e84bc2a 100644
--- a/winsup/cygwin/sec/base.cc
+++ b/winsup/cygwin/sec/base.cc
@@ -495,23 +495,25 @@ set_created_file_access (HANDLE handle, path_conv &pc, mode_t attr)
 	     S_ISGID bit is set, propagate it. */
 	  if (S_ISDIR (attr))
 	    {
+	      mode_t def_attr = attr & ~cygheap->umask;
+
 	      if (searchace (aclp, nentries, DEF_USER_OBJ) < 0)
 		{
 		  aclp[nentries].a_type = DEF_USER_OBJ;
 		  aclp[nentries].a_id = ILLEGAL_UID;
-		  aclp[nentries++].a_perm = (attr >> 6) & S_IRWXO;
+		  aclp[nentries++].a_perm = (def_attr >> 6) & S_IRWXO;
 		}
 	      if (searchace (aclp, nentries, DEF_GROUP_OBJ) < 0)
 		{
 		  aclp[nentries].a_type = DEF_GROUP_OBJ;
 		  aclp[nentries].a_id = ILLEGAL_GID;
-		  aclp[nentries++].a_perm = (attr >> 3) & S_IRWXO;
+		  aclp[nentries++].a_perm = (def_attr >> 3) & S_IRWXO;
 		}
 	      if (searchace (aclp, nentries, DEF_OTHER_OBJ) < 0)
 		{
 		  aclp[nentries].a_type = DEF_OTHER_OBJ;
 		  aclp[nentries].a_id = ILLEGAL_UID;
-		  aclp[nentries++].a_perm = attr & S_IRWXO;
+		  aclp[nentries++].a_perm = def_attr & S_IRWXO;
 		}
 	      if (attr_rd & S_ISGID)
 		attr |= S_ISGID;
author	Corinna Vinschen <corinna@vinschen.de>	2023-02-09 21:25:03 +0100
committer	Corinna Vinschen <corinna@vinschen.de>	2023-02-09 21:59:47 +0100
commit	56751f7f05dca86be15642628c874ea0b2207fc6 (patch)
tree	31b9b770188f16010a1329b3b31e83b116321539
parent	df34bd951d5cccdfee8ad6d1c658953305b5b684 (diff)
download	newlib-56751f7f05dca86be15642628c874ea0b2207fc6.zip newlib-56751f7f05dca86be15642628c874ea0b2207fc6.tar.gz newlib-56751f7f05dca86be15642628c874ea0b2207fc6.tar.bz2