Skip to content

Commit 07cf05c

Browse files
staticfloatstaticfloat
committed
win,fs: Apply "other" permissions to all groups we are not a part of
Previously, we would apply permissions only to groups that we were a part of, but we should apply our "other" permissions to groups that we are not a part of.
1 parent f9427ca commit 07cf05c

File tree

1 file changed

+13
-16
lines changed

1 file changed

+13
-16
lines changed

src/win/fs.c

Lines changed: 13 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -2414,16 +2414,8 @@ static void fs__chmod(uv_fs_t* req) {
24142414
continue;
24152415
}
24162416

2417-
/* Check to see if our user is a member of this group */
2418-
if (!CheckTokenMembership(hImpersonatedToken, pEASid, &isMember)) {
2419-
SET_REQ_WIN32_ERROR(req, GetLastError());
2420-
goto chmod_cleanup;
2421-
}
2422-
2423-
/* If we're a member, then count it */
2424-
if (isMember) {
2425-
numOtherGroups++;
2426-
}
2417+
/* Count these as "other" groups */
2418+
numOtherGroups++;
24272419
}
24282420

24292421
/* Create an ACE for each triplet (user, group, other) */
@@ -2483,16 +2475,21 @@ static void fs__chmod(uv_fs_t* req) {
24832475
}
24842476

24852477
/*
2486-
* If we're a member, then count it. We limit our `ea_write_idx` to avoid
2487-
* the unlikely event that we have been added to a group since we first
2488-
* calculated `numOtherGroups`.
2478+
* We limit our `ea_write_idx` to avoid the unlikely event that we
2479+
* have been added to a group since we first calculated `numOtherGroups`.
24892480
*/
2490-
if (isMember && ea_write_idx < numNewEAs) {
2491-
build_access_struct(&ea[ea_write_idx], pEASid, TRUSTEE_IS_GROUP, 0, REVOKE_ACCESS);
2481+
assert(ea_write_idx <= numNewEAs - 3);
2482+
if (isMember) {
2483+
build_access_struct(&ea[ea_write_idx + 0], pEASid, TRUSTEE_IS_GROUP, 0, REVOKE_ACCESS);
24922484
build_access_struct(&ea[ea_write_idx + 1], pEASid, TRUSTEE_IS_GROUP, g_deny_mode, DENY_ACCESS);
24932485
build_access_struct(&ea[ea_write_idx + 2], pEASid, TRUSTEE_IS_GROUP, g_mode, SET_ACCESS);
2494-
ea_write_idx += 3;
2486+
} else {
2487+
/* We revoke a second time here to keep offset management simple in groups of three. */
2488+
build_access_struct(&ea[ea_write_idx + 0], pEASid, TRUSTEE_IS_GROUP, 0, REVOKE_ACCESS);
2489+
build_access_struct(&ea[ea_write_idx + 1], pEASid, TRUSTEE_IS_GROUP, 0, REVOKE_ACCESS);
2490+
build_access_struct(&ea[ea_write_idx + 2], pEASid, TRUSTEE_IS_GROUP, o_mode, SET_ACCESS);
24952491
}
2492+
ea_write_idx += 3;
24962493
}
24972494

24982495
/* Set entries in the ACL object */

0 commit comments

Comments
 (0)