From a889232410572313c752873e28c78f020dd568f3 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Tue, 12 Dec 2006 18:47:25 +0000 Subject: [PATCH] * environ.cc (set_traverse): Remove. (parse_thing): Drop "traverse" option. * path.cc (fs_info::update): Don't request SE_CHANGE_NOTIFY_PRIV privilege. * sec_helper.cc (set_cygwin_privileges): Ditto. * security.cc (allow_traverse): Remove. (alloc_sd): Drop special allow_traverse code. * security.h (allow_traverse): Drop declaration. * syscalls.cc (statvfs): Don't request SE_CHANGE_NOTIFY_PRIV privilege. --- winsup/cygwin/ChangeLog | 12 ++++++++++++ winsup/cygwin/environ.cc | 7 ------- winsup/cygwin/path.cc | 6 ------ winsup/cygwin/sec_helper.cc | 1 - winsup/cygwin/security.cc | 9 --------- winsup/cygwin/security.h | 1 - winsup/cygwin/syscalls.cc | 4 ---- 7 files changed, 12 insertions(+), 28 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 306e52e66..3cfc53451 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,15 @@ +2006-12-12 Corinna Vinschen + + * environ.cc (set_traverse): Remove. + (parse_thing): Drop "traverse" option. + * path.cc (fs_info::update): Don't request SE_CHANGE_NOTIFY_PRIV + privilege. + * sec_helper.cc (set_cygwin_privileges): Ditto. + * security.cc (allow_traverse): Remove. + (alloc_sd): Drop special allow_traverse code. + * security.h (allow_traverse): Drop declaration. + * syscalls.cc (statvfs): Don't request SE_CHANGE_NOTIFY_PRIV privilege. + 2006-12-12 Corinna Vinschen Partially revert change from 2005-04-03, always running under an diff --git a/winsup/cygwin/environ.cc b/winsup/cygwin/environ.cc index ec4edf521..864127a43 100644 --- a/winsup/cygwin/environ.cc +++ b/winsup/cygwin/environ.cc @@ -571,12 +571,6 @@ set_ntsec (const char *buf) allow_ntsec = (buf && strcasematch (buf, "yes") && wincap.has_security ()); } -static void -set_traverse (const char *buf) -{ - allow_traverse = (buf && strcasematch (buf, "yes") && wincap.has_security ()); -} - static void set_smbntsec (const char *buf) { @@ -628,7 +622,6 @@ static struct parse_thing {"subauth_id", {func: &subauth_id_init}, isfunc, NULL, {{0}, {0}}}, #endif {"title", {&display_title}, justset, NULL, {{false}, {true}}}, - {"traverse", {func: set_traverse}, isfunc, NULL, {{0}, {s: "yes"}}}, {"tty", {NULL}, set_process_state, NULL, {{0}, {PID_USETTY}}}, {"winsymlinks", {&allow_winsymlinks}, justset, NULL, {{false}, {true}}}, {"transparent_exe", {&transparent_exe}, justset, NULL, {{false}, {true}}}, diff --git a/winsup/cygwin/path.cc b/winsup/cygwin/path.cc index 9b8cd0d78..bbc023968 100644 --- a/winsup/cygwin/path.cc +++ b/winsup/cygwin/path.cc @@ -413,10 +413,6 @@ fs_info::update (const char *win32_path) name_hash = tmp_name_hash; root_len = strlen (root_dir); - /* I have no idea why, but some machines require SeChangeNotifyPrivilege - to access volume information. */ - push_thread_privilege (SE_CHANGE_NOTIFY_PRIV, true); - drive_type (GetDriveType (root_dir)); if (drive_type () == DRIVE_REMOTE || (drive_type () == DRIVE_UNKNOWN @@ -428,8 +424,6 @@ fs_info::update (const char *win32_path) ret = GetVolumeInformation (root_dir, NULL, 0, &status.serial, NULL, &status.flags, fsname, sizeof (fsname)); - pop_thread_privilege (); - if (!ret && !is_remote_drive ()) { debug_printf ("Cannot get volume information (%s), %E", root_dir); diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc index f1caf487d..41a9b16d6 100644 --- a/winsup/cygwin/sec_helper.cc +++ b/winsup/cygwin/sec_helper.cc @@ -507,7 +507,6 @@ set_cygwin_privileges (HANDLE token) { set_privilege (token, SE_RESTORE_PRIV, true); set_privilege (token, SE_BACKUP_PRIV, true); - set_privilege (token, SE_CHANGE_NOTIFY_PRIV, !allow_traverse); } /* Function to return a common SECURITY_DESCRIPTOR that diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index d25e3c68b..ef7c65f76 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -48,7 +48,6 @@ bool allow_ntsec; /* allow_smbntsec is handled exclusively in path.cc (path_conv::check). It's defined here because of it's strong relationship to allow_ntsec. */ bool allow_smbntsec; -bool allow_traverse; extern "C" void cygwin_set_impersonation_token (const HANDLE hToken) @@ -1833,14 +1832,6 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, /* Construct allow attribute for owner. */ DWORD owner_allow = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA; - /* This has nothing to do with traverse checking in the first place, but - since traverse checking is the setting which switches to POSIX-like - permission rules, the below is all too similar. Removing the delete - bit for a file or directory results in checking the parent directories' - ACL, if the current user has the FILE_DELETE_CHILD bit set. This is - how it is on POSIX systems. */ - if (allow_traverse) - owner_allow &= ~DELETE; if (attribute & S_IRUSR) owner_allow |= FILE_GENERIC_READ; if (attribute & S_IWUSR) diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index dec066009..8a5e0aa9b 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -338,7 +338,6 @@ legal_sid_type (SID_NAME_USE type) extern bool allow_ntea; extern bool allow_ntsec; extern bool allow_smbntsec; -extern bool allow_traverse; /* File manipulation */ int __stdcall get_file_attribute (int, HANDLE, const char *, mode_t *, diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc index fc9bbe50e..d126e79c2 100644 --- a/winsup/cygwin/syscalls.cc +++ b/winsup/cygwin/syscalls.cc @@ -1904,8 +1904,6 @@ statvfs (const char *fname, struct statvfs *sfs) DWORD spc, bps, availc, freec, totalc, vsn, maxlen, flags; BOOL status, statusex; - push_thread_privilege (SE_CHANGE_NOTIFY_PRIV, true); - /* GetDiskFreeSpaceEx must be called before GetDiskFreeSpace on WinME, to avoid the MS KB 314417 bug */ statusex = GetDiskFreeSpaceEx (root, &availb, &totalb, &freeb); @@ -1970,8 +1968,6 @@ statvfs (const char *fname, struct statvfs *sfs) if (ret) __seterrno (); - pop_thread_privilege (); - return ret; }