From f9a963b8a0ce302d51172a097fb1fe106ad417f6 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Tue, 15 May 2007 16:33:20 +0000
Subject: [PATCH] 	* fhandler_socket.cc (adjust_socket_file_mode): New
 inline function. 	(fhandler_socket::fchmod): Squeeze mode through
 adjust_socket_file_mode 	before using it. 
 (fhandler_socket::bind): Ditto.

---
 winsup/cygwin/ChangeLog          | 11 +++++++++--
 winsup/cygwin/fhandler_socket.cc | 17 +++++++++++++++--
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index d6cfecbaa..9da3832f3 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,4 +1,11 @@
-007-03-19  Ryan C. Gordon  <icculus@icculus.org>
+2007-05-15  Corinna Vinschen  <corinna@vinschen.de>
+
+	* fhandler_socket.cc (adjust_socket_file_mode): New inline function.
+	(fhandler_socket::fchmod): Squeeze mode through adjust_socket_file_mode
+	before using it.
+	(fhandler_socket::bind): Ditto.
+
+2007-03-19  Ryan C. Gordon  <icculus@icculus.org>
 
 	* path.cc (fs_info::update): Set and use is_cdrom.
 	* path.cc (fillout_mntent): Set ret.mnt_type to something more
@@ -10,7 +17,7 @@
 	* path.h (class path_conv): Add fs_is_cdrom method.  Add missing
 	fs_is_netapp method.
 
-007-05-14  Eric Blake  <ebb9@byu.net>
+2007-05-14  Eric Blake  <ebb9@byu.net>
 
 	* cygwin.din (asnprintf, dprint, _Exit, vasnprintf, vdprintf): Export.
 	* include/cygwin/version.h: Bump API minor number.
diff --git a/winsup/cygwin/fhandler_socket.cc b/winsup/cygwin/fhandler_socket.cc
index d5384fe46..59ec88e0c 100644
--- a/winsup/cygwin/fhandler_socket.cc
+++ b/winsup/cygwin/fhandler_socket.cc
@@ -50,6 +50,18 @@ int sscanf (const char *, const char *, ...);
 
 fhandler_dev_random* entropy_source;
 
+static inline mode_t
+adjust_socket_file_mode (mode_t mode)
+{
+  /* Kludge: Don't allow to remove read bit on socket files for
+     user/group/other, if the accompanying write bit is set.  It would
+     be nice to have exact permissions on a socket file, but it's
+     necessary that somebody able to access the socket can always read
+     the contents of the socket file to avoid spurious "permission
+     denied" messages. */
+  return mode | ((mode & (S_IWUSR | S_IWGRP | S_IWOTH)) << 1);
+}
+
 /* cygwin internal: map sockaddr into internet domain address */
 static int
 get_inet_addr (const struct sockaddr *in, int inlen,
@@ -687,7 +699,7 @@ fhandler_socket::fchmod (mode_t mode)
     {
       fhandler_disk_file fh (pc);
       fh.get_device () = FH_FS;
-      int ret = fh.fchmod (mode);
+      int ret = fh.fchmod (adjust_socket_file_mode (mode));
       SetFileAttributes	(pc, GetFileAttributes (pc) | FILE_ATTRIBUTE_SYSTEM);
       return ret;
     }
@@ -799,7 +811,8 @@ fhandler_socket::bind (const struct sockaddr *name, int namelen)
 	  set_errno (EADDRINUSE);
 	  goto out;
 	}
-      mode_t mode = (S_IRWXU | S_IRWXG | S_IRWXO) & ~cygheap->umask;
+      mode_t mode = adjust_socket_file_mode ((S_IRWXU | S_IRWXG | S_IRWXO)
+					     & ~cygheap->umask);
       DWORD attr = FILE_ATTRIBUTE_SYSTEM;
       if (!(mode & (S_IWUSR | S_IWGRP | S_IWOTH)))
 	attr |= FILE_ATTRIBUTE_READONLY;