authorCorinna Vinschen <corinna@vinschen.de>2010-12-15 13:56:32 +0000
committerCorinna Vinschen <corinna@vinschen.de>2010-12-15 13:56:32 +0000
commit38042584f3d85018bf43458fda4e4901398d65f9 (patch)
treef0af5a444ff2b9732c048eecaed3405f08e8a207
parent8d7375462279f4e5e906792ed93cdef27a684f72 (diff)
* security.cc (alloc_sd): Fix erroneous inheritance entry duplication.
-rw-r--r--winsup/cygwin/ChangeLog4
-rw-r--r--winsup/cygwin/security.cc9
2 files changed, 10 insertions, 3 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 06ce36314..25a395c1c 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,7 @@
+2010-12-15 Corinna Vinschen <corinna@vinschen.de>
+
+ * security.cc (alloc_sd): Fix erroneous inheritence entry duplication.
+
2010-12-12 Corinna Vinschen <corinna@vinschen.de>
* syscalls.cc (check_dir_not_empty): Never count more than 3 directory
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 509bd1ab0..cddb3f173 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -648,8 +648,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
if ((ace_sid == cur_owner_sid)
|| (ace_sid == owner_sid)
|| (ace_sid == cur_group_sid)
- || (ace_sid == group_sid)
- || (ace_sid == well_known_world_sid))
+ || (ace_sid == group_sid))
{
if (ace->Header.AceFlags
& (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE))
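Review bot: With `well_known_world_sid` removed from this condition, an existing Everyone ACE that carries `CONTAINER_INHERIT_ACE` or `OBJECT_INHERIT_ACE` no longer reaches the inherit-flag test and is instead skipped by the `continue` added in the next hunk. Nothing visible here checks the ACE type, so if a deny entry for Everyone can reach this point, discarding it would widen access; please confirm the type is filtered earlier in the loop. If dropping these entries is intended, a comment above the condition should say so, for example `/* Only owner/group ACEs are kept as inheritable; world and creator ACEs are skipped below. */`. The statement between the inner `if` and its `else` falls between the two hunks and is not shown.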
@@ -657,7 +656,11 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
else
continue;
}
- else if (attribute & S_JUSTCREATED)
+ else if ((ace_sid == well_known_creator_owner_sid)
+ || (ace_sid == well_known_creator_group_sid)
+ || (ace_sid == well_known_world_sid))
+ continue;
+ if (attribute & S_JUSTCREATED)
{
/* Since files and dirs are created with a NULL descriptor,
inheritence rules kick in. If no inheritable entries exist
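Review bot: Changing `else if (attribute & S_JUSTCREATED)` to a plain `if` means owner and group ACEs that pass the inherit-flag test above now also enter the `S_JUSTCREATED` block, which they bypassed before. The block's body continues past the end of the hunk, so its effect on those ACEs cannot be judged from here, but the wider scope is easy to miss on a later read. A comment before the `if` would make it explicit, for example `/* Owner/group ACEs kept above fall through to this filter as well. */`. The new `continue` for the creator-owner, creator-group and world SIDs would also benefit from a one-line reason; presumably `alloc_sd` adds its own entries for them elsewhere, which is not visible here.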