get_posix_access: Skip merging permissions if user can't get more permissions

        * sec_acl.cc (get_posix_access): Skip merging permissions if current
        user has rwx permissions anywa, or if the sum of all group and other
        permissions is less than or equal to the user's permissions.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

2 files changed, 17 insertions, 2 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 2f09ad4..2f12f32 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,11 @@
 2015-11-10  Corinna Vinschen  <corinna@vinschen.de>
 
+	* sec_acl.cc (get_posix_access): Skip merging permissions if current
+	user has rwx permissions anywa, or if the sum of all group and other
+	permissions is less than or equal to the user's permissions.
+
+2015-11-10  Corinna Vinschen  <corinna@vinschen.de>
+
 	* sec_acl.cc (get_posix_access): Call authz_get_user_attribute on
 	current users, not on owner.
 
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index a9e1dea..f632410 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -1019,8 +1019,17 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
 	  {
 	    mode_t perm;
 
-	    /* If we use the Windows user DB, utilize Authz to make sure all
-	       user permissions are correctly reflecting the Windows
+	    /* Don't merge if the user already has all permissions, or... */
+	    if (lacl[idx].a_perm == S_IRWXO)
+	      continue;
+	    /* ...if the sum of perms is less than or equal the user's perms. */
+	    perm = lacl[idx].a_perm
+		   | (has_class_perm ? class_perm : lacl[1].a_perm)
+		   | lacl[2].a_perm;
+	    if (perm == lacl[idx].a_perm)
+	      continue;
+	    /* Otherwise, if we use the Windows user DB, utilize Authz to make
+	       sure all user permissions are correctly reflecting the Windows
 	       permissions. */
 	    if (cygheap->pg.nss_pwd_db ()
 		&& authz_get_user_attribute (&perm, psd, aclsid[idx]))