Cygwin: get_posix_access: do not merge permissions for just created f…

…iles When creating the POSIX ACL rewrite, the code merging permissions from everyone/group to group/user ACEs was accidentally called for newly generated files as well. This could result in broken permissions, if umask used unusual values like "0100", granted permissions to everyone/group not granted to group/user. Make sure to skip permission merging if the file got just created and we only want to set correct permissions for the first time. Fixes: bc444e5 ("Reapply POSIX ACL changes.") Reported-by: Jon Turney <[email protected]> Signed-off-by: Corinna Vinschen <[email protected]>
jonathanlyonmoore · Jul 21, 2023 · 971d2df · 971d2df
1 parent 8b0b719
commit 971d2df
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/winsup/cygwin/sec/acl.cc b/winsup/cygwin/sec/acl.cc
@@ -1103,7 +1103,7 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
     pos = MAX_ACL_ENTRIES;
 
   /* For old-style or non-Cygwin ACLs, check for merging permissions. */
-  if (!new_style)
+  if (!just_created && !new_style)
     for (idx = 0; idx < pos; ++idx)
       {
 	if (lacl[idx].a_type & (USER_OBJ | USER)