* security.cc (alloc_sd): Remove DELETE bit from user's ACE if

	allow_traverse is set.

2 files changed, 13 insertions, 0 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index c5b5e69..54bfc8d 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,10 @@
 2005-04-19  Corinna Vinschen  <corinna@vinschen.de>
 
+	* security.cc (alloc_sd): Remove DELETE bit from user's ACE if
+	allow_traverse is set.
+
+2005-04-19  Corinna Vinschen  <corinna@vinschen.de>
+
 	* cygwin.din (pselect): Export.
 	* select.cc (pselect): New function.
 	* include/cygwin/version.h: Bump API minor number.
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index e2a9426..5d7930c 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1553,6 +1553,14 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
   /* Construct allow attribute for owner. */
   DWORD owner_allow = STANDARD_RIGHTS_ALL
 		      | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA;
+  /* This has nothing to do with traverse checking in the first place, but
+     since traverse checking is the setting which switches to POSIX-like
+     permission rules, the below is all too similar.  Removing the delete
+     bit for a file or directory results in checking the parent directories'
+     ACL, if the current user has the FILE_DELETE_CHILD bit set.  This is
+     how it is on POSIX systems. */
+  if (allow_traverse)
+    owner_allow &= ~DELETE;
   if (attribute & S_IRUSR)
     owner_allow |= FILE_GENERIC_READ;
   if (attribute & S_IWUSR)