From: Steve Dower
Date: Thu, 2 May 2024 18:43:54 +0000 (+0100)
Subject: gh-118486: Switch mkdir(mode=0o700) on Windows to use OWNER RIGHTS instead of CURRENT...
X-Git-Tag: v3.13.0b1~149
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8ed546679524140d8282175411fd141fe7df070d;p=thirdparty%2FPython%2Fcpython.git
gh-118486: Switch mkdir(mode=0o700) on Windows to use OWNER RIGHTS instead of CURRENT_USER (GH-118515)
---
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index f9533577a8fa..e1a14e772c4b 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -5587,6 +5587,7 @@ struct _Py_SECURITY_ATTRIBUTE_DATA {
 PACL acl;
 SECURITY_DESCRIPTOR sd;
 EXPLICIT_ACCESS_W ea[4];
+ char sid[64];
 };
 static int
@@ -5616,13 +5617,25 @@ initializeMkdir700SecurityAttributes(
 return GetLastError();
 }
+ int use_alias = 0;
+ DWORD cbSid = sizeof(data->sid);
+ if (!CreateWellKnownSid(WinCreatorOwnerRightsSid, NULL, (PSID)data->sid, &cbSid)) {
+ use_alias = 1;
+ }
+
 data->securityAttributes.nLength = sizeof(SECURITY_ATTRIBUTES);
 data->ea[0].grfAccessPermissions = GENERIC_ALL;
 data->ea[0].grfAccessMode = SET_ACCESS;
 data->ea[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
- data->ea[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
- data->ea[0].Trustee.TrusteeType = TRUSTEE_IS_ALIAS;
- data->ea[0].Trustee.ptstrName = L"CURRENT_USER";
+ if (use_alias) {
+ data->ea[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
+ data->ea[0].Trustee.TrusteeType = TRUSTEE_IS_ALIAS;
+ data->ea[0].Trustee.ptstrName = L"CURRENT_USER";
+ } else {
+ data->ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
+ data->ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
+ data->ea[0].Trustee.ptstrName = (LPWCH)(SID*)data->sid;
+ }
 data->ea[1].grfAccessPermissions = GENERIC_ALL;
 data->ea[1].grfAccessMode = SET_ACCESS;
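Review bot: The new `char sid[64]` member of `_Py_SECURITY_ATTRIBUTE_DATA` is sized with a bare number and carries no comment, although the second hunk fills it through `CreateWellKnownSid` and casts it to `PSID`. Declaring it as `BYTE sid[SECURITY_MAX_SID_SIZE];` with a comment such as `/* storage for the OWNER RIGHTS SID referenced by ea[0] */` would tie the size to the Windows limit and state what the buffer is for. A `char` array also has no alignment requirement of its own; it follows `EXPLICIT_ACCESS_W ea[4]`, so it is presumably aligned well enough for a SID, but that depends on member order and is worth a remark next to the field.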
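Review bot: The fallback at `use_alias = 1` discards the `CreateWellKnownSid` error, so a directory can silently end up with the old `CURRENT_USER` ACE instead of the OWNER RIGHTS one, and nothing in the code says when that is expected. A comment above the call would make the intent reviewable, for example `/* Prefer OWNER RIGHTS; if the SID cannot be built, keep the previous CURRENT_USER ACE rather than fail mkdir */`. In the `else` branch `ptstrName` now points into `data->sid`, so `data` has to stay in place until the ACL is built from `ea`; that code lies after the end of the hunk and cannot be checked here. The double cast `(LPWCH)(SID*)data->sid` could be reduced to `(LPWCH)data->sid`.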