https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d
commit: 8ed546679524140d8282175411fd141fe7df070d
branch: main
author: Steve Dower <[email protected]>
committer: zooba <[email protected]>
date: 2024-05-02T19:43:54+01:00
summary:
gh-118486: Switch mkdir(mode=0o700) on Windows to use OWNER RIGHTS instead of
CURRENT_USER (GH-118515)
files:
M Modules/posixmodule.c
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index f9533577a8fa34..e1a14e772c4bd0 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -5587,6 +5587,7 @@ struct _Py_SECURITY_ATTRIBUTE_DATA {
PACL acl;
SECURITY_DESCRIPTOR sd;
EXPLICIT_ACCESS_W ea[4];
+ char sid[64];
};
static int
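Review bot: The new `char sid[64]` field uses an unexplained size that is below `SECURITY_MAX_SID_SIZE` (68 bytes). It is large enough for the single-subauthority SID this commit requests, and a too-small buffer should only make CreateWellKnownSid fail and trigger the alias fallback in the next hunk, but the bound ought to be stated rather than implied. I would declare it as `char sid[SECURITY_MAX_SID_SIZE];`, or keep 64 and add `/* holds the OWNER RIGHTS SID; must be >= its length */`. A plain char array also has no alignment guarantee of its own for the later cast to a SID pointer; it appears to be suitably aligned here only because it follows `ea[4]`. The struct definition starts outside the hunk.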
@@ -5616,13 +5617,25 @@ initializeMkdir700SecurityAttributes(
return GetLastError();
}
+ int use_alias = 0;
+ DWORD cbSid = sizeof(data->sid);
+ if (!CreateWellKnownSid(WinCreatorOwnerRightsSid, NULL, (PSID)data->sid,
&cbSid)) {
+ use_alias = 1;
+ }
+
data->securityAttributes.nLength = sizeof(SECURITY_ATTRIBUTES);
data->ea[0].grfAccessPermissions = GENERIC_ALL;
data->ea[0].grfAccessMode = SET_ACCESS;
data->ea[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
- data->ea[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
- data->ea[0].Trustee.TrusteeType = TRUSTEE_IS_ALIAS;
- data->ea[0].Trustee.ptstrName = L"CURRENT_USER";
+ if (use_alias) {
+ data->ea[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
+ data->ea[0].Trustee.TrusteeType = TRUSTEE_IS_ALIAS;
+ data->ea[0].Trustee.ptstrName = L"CURRENT_USER";
+ } else {
+ data->ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
+ data->ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
+ data->ea[0].Trustee.ptstrName = (LPWCH)(SID*)data->sid;
+ }
data->ea[1].grfAccessPermissions = GENERIC_ALL;
data->ea[1].grfAccessMode = SET_ACCESS;
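Review bot: The `use_alias = 1` branch swallows every CreateWellKnownSid failure without a comment, so a reader cannot tell that reverting to the `CURRENT_USER` alias is deliberate rather than a dropped error; the failure path just above it in this function returns `GetLastError()`. I would add above the call `/* Prefer OWNER RIGHTS; fall back to the CURRENT_USER alias if the SID cannot be created */`. The comment should also record that the two trustees are not equivalent: an OWNER RIGHTS ACE follows whoever currently owns the directory, while `CURRENT_USER` is, as far as I know, resolved to the calling user when the ACL is built, so a later change of owner moves the `GENERIC_ALL` grant in one case and not the other. The intermediate `(SID*)` in `(LPWCH)(SID*)data->sid` adds nothing and could be dropped. The function starts and ends outside the hunk.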