Address review comments on libuv patch

[staticfloat]

This hopefully addresses the two actionable comments from @erw7. In particular:

• We use AccessCheck() unconditionally on during access().

• I don't allow other to have more permissions than group. This is necessary because in cases like chmod("foo", 0o757), the DENY entry for group (necessary because other has more permissions than group) ends up blocking the user, due to the fact that user belongs to group. So I just mask out any bits that other has that group doesn't, so 0o757 turns into 0o755. You can still have 0o057, or 0o700 or whatever, it's just the case where other has bits that group doesn't that gets fixed up.

[musm]

Does this solve issues like the following:

mkdir("C:\\test")
chmod("C:\\test", 0o777)
rm("C:\\test") # currently a permission denied error

# On the other hand, without chmod
mkdir("C:\\test")
rm("C:\\test") # works

[vtjnash]

bump

[vtjnash]

bump

[staticfloat]

With the latest commit on windows:

mktempdir() do dir
    foo = joinpath(dir, "foo")
    @info("default")
    touch(foo)
    run(`icacls $(foo)`)

    for perm in (0o777, 0o757, 0o750, 0o600)
        @info(string(perm, base=8))
        chmod(foo, perm)
        run(`icacls $(foo)`)
        @show Sys.isexecutable(foo)
    end
end

Results in:

[ Info: default
C:\Users\Administrator\AppData\Local\Temp\jl_zAzid9\foo NT AUTHORITY\SYSTEM:(I)(F)
                                                        BUILTIN\Administrators:(I)(F)
                                                        DEBUGGING-AMDCI\Administrator:(I)(F)

Successfully processed 1 files; Failed processing 0 files
[ Info: 777
C:\Users\Administrator\AppData\Local\Temp\jl_zAzid9\foo BUILTIN\Administrators:(M,DC)
                                                        DEBUGGING-AMDCI\None:(M,DC)
                                                        Everyone:(M,DC)
                                                        NT AUTHORITY\SYSTEM:(M,DC)
                                                        DEBUGGING-AMDCI\Administrator:(M,DC)

Successfully processed 1 files; Failed processing 0 files
Sys.isexecutable(foo) = true
[ Info: 757
C:\Users\Administrator\AppData\Local\Temp\jl_zAzid9\foo BUILTIN\Administrators:(M,DC)
                                                        DEBUGGING-AMDCI\None:(RX,WA)
                                                        Everyone:(RX,WA)
                                                        NT AUTHORITY\SYSTEM:(RX,WA)
                                                        DEBUGGING-AMDCI\Administrator:(RX,WA)

Successfully processed 1 files; Failed processing 0 files
Sys.isexecutable(foo) = true
[ Info: 750
C:\Users\Administrator\AppData\Local\Temp\jl_zAzid9\foo BUILTIN\Administrators:(M,DC)
                                                        DEBUGGING-AMDCI\None:(RX,WA)
                                                        DEBUGGING-AMDCI\Administrator:(RX,WA)

Successfully processed 1 files; Failed processing 0 files
Sys.isexecutable(foo) = true
[ Info: 600
C:\Users\Administrator\AppData\Local\Temp\jl_zAzid9\foo BUILTIN\Administrators:(R,W,D,DC)

Successfully processed 1 files; Failed processing 0 files
Sys.isexecutable(foo) = false

Which I think all looks good to me. I also added some icacls calls to remove all ACE entries, hoping that this would cause the ACL to return NULL, and it continued to function just fine:

mktempdir() do dir
    foo = joinpath(dir, "foo")
    @info("default")
    touch(foo)
    run(`icacls $(foo)`)

    @info("NULL")
    run(`icacls $(foo) /inheritance:d`)
    run(`icacls $(foo) /remove "NT AUTHORITY\\SYSTEM"`)
    run(`icacls $(foo) /remove BUILTIN\\Administrators`)
    run(`icacls $(foo) /remove Administrator`)
    run(`icacls $(foo)`)

    for perm in (0o777, 0o757, 0o750, 0o600)
        @info(string(perm, base=8))
        chmod(foo, perm)
        run(`icacls $(foo)`)
        @show Sys.isexecutable(foo)
    end
end

[ Info: default
C:\Users\Administrator\AppData\Local\Temp\jl_3cqGE6\foo NT AUTHORITY\SYSTEM:(I)(F)
                                                        BUILTIN\Administrators:(I)(F)
                                                        DEBUGGING-AMDCI\Administrator:(I)(F)

Successfully processed 1 files; Failed processing 0 files
[ Info: NULL
processed file: C:\Users\Administrator\AppData\Local\Temp\jl_3cqGE6\foo
Successfully processed 1 files; Failed processing 0 files
processed file: C:\Users\Administrator\AppData\Local\Temp\jl_3cqGE6\foo
Successfully processed 1 files; Failed processing 0 files
processed file: C:\Users\Administrator\AppData\Local\Temp\jl_3cqGE6\foo
Successfully processed 1 files; Failed processing 0 files
processed file: C:\Users\Administrator\AppData\Local\Temp\jl_3cqGE6\foo
Successfully processed 1 files; Failed processing 0 files
C:\Users\Administrator\AppData\Local\Temp\jl_3cqGE6\foo 
Successfully processed 1 files; Failed processing 0 files
[ Info: 777
C:\Users\Administrator\AppData\Local\Temp\jl_3cqGE6\foo BUILTIN\Administrators:(M,DC)
                                                        DEBUGGING-AMDCI\None:(M,DC)
                                                        Everyone:(M,DC)

Successfully processed 1 files; Failed processing 0 files
Sys.isexecutable(foo) = true
[ Info: 757
C:\Users\Administrator\AppData\Local\Temp\jl_3cqGE6\foo BUILTIN\Administrators:(M,DC)
                                                        DEBUGGING-AMDCI\None:(RX,WA)
                                                        Everyone:(RX,WA)

Successfully processed 1 files; Failed processing 0 files
Sys.isexecutable(foo) = true
[ Info: 750
C:\Users\Administrator\AppData\Local\Temp\jl_3cqGE6\foo BUILTIN\Administrators:(M,DC)
                                                        DEBUGGING-AMDCI\None:(RX,WA)

Successfully processed 1 files; Failed processing 0 files
Sys.isexecutable(foo) = true
[ Info: 600
C:\Users\Administrator\AppData\Local\Temp\jl_3cqGE6\foo BUILTIN\Administrators:(R,W,D,DC)

Successfully processed 1 files; Failed processing 0 files
Sys.isexecutable(foo) = false

[vtjnash]

CI is unhappy with this currently:

D:\a\libuv\libuv\src\win\fs.c(2448,3): warning C4013: 'build_access_struct' undefined; assuming extern returning int D:\a\libuv\libuv\src\win\fs.c(2518,37): error C2065: 'S_IWUSR': undeclared identifier D:\a\libuv\libuv\src\win\fs.c(2518,47): error C2065: 'S_IWGRP': undeclared identifier D:\a\libuv\libuv\src\win\fs.c(2518,56): error C2065: 'S_IWOTH': undeclared identifier D:\a\libuv\libuv\src\win\fs.c(2521,37): error C2065: 'S_IWUSR': undeclared identifier D:\a\libuv\libuv\src\win\fs.c(2521,47): error C2065: 'S_IWGRP': undeclared identifier D:\a\libuv\libuv\src\win\fs.c(2521,56): error C2065: 'S_IWOTH': undeclared identifier

[vtjnash]

we can merge once CI passes

[staticfloat]

I can't tell if CI is passing 😅

[vtjnash]

Fair point, but let's say at least "builds" even if it does not then pass all tests

[staticfloat]

It does build on our windows CI machines, which is where I tested it. What build status should I pay attention to here that says it doesn't build?

[vtjnash]

The console here for GitHub actions splits up the jobs by stage. FWIW, it is an MSVC thing, probably where the definitions are supposed to have a leading _ but where mingw-w64 adds extra ones without the underscore for simplicity

[staticfloat]

I tried using _mode_t, but it doesn't know that one either. I decided to just use DWORD, since this variable is completely of our own construction anyway.

[vtjnash]

still failing CI

D:\a\libuv\libuv\src\win\fs.c(2432,41): error C2065: 'S_IRWXU': undeclared identifier [D:\a\libuv\libuv\build\uv.vcxproj]
[104](https://github.com/JuliaLang/libuv/actions/runs/3621315770/jobs/6104606485#step:4:105)

[staticfloat]

Hmmm, should I #define those if they're missing?

[vtjnash]

yep

[vtjnash]

bump?

[vtjnash]

bump?