[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#12632: file permissions checking mishandled when setuid
From: |
Eli Zaretskii |
Subject: |
bug#12632: file permissions checking mishandled when setuid |
Date: |
Sun, 14 Oct 2012 20:39:06 +0200 |
> Date: Sun, 14 Oct 2012 11:14:39 -0700
> From: Paul Eggert <eggert@cs.ucla.edu>
> CC: 12632@debbugs.gnu.org
>
> > Emacs should be able to test whether a file exists even if it
> > will be unable to access it later.
>
> Emacs cannot do that. What 'access' does is ask, "If Emacs were
> to issue the seteuid system call, and change the effective user
> ID to the real user ID, would Emacs then be able to see that the
> file exists?" This does not test whether the file exists; it tests
> only whether Emacs could see that the file exists in a hypothetical
> situation that never actually happens (because Emacs never issues
> the seteuid system call). But this isn't what is wanted here:
> what is wanted is a test whether Emacs can currently see that the
> file exists, and that is what euidaccess does.
I can't argue with you, because you seem to bring arguments out of
some inner knowledge. The 'access' man page simply says this:
F_OK tests for the existence of the file.
It says nothing about granting any permissions (unlike when it
describes R_OK, W_OK, and X_OK).
> === modified file 'src/msdos.c'
> --- src/msdos.c 2012-09-23 08:44:20 +0000
> +++ src/msdos.c 2012-10-14 18:06:01 +0000
> @@ -3557,7 +3557,7 @@
> read-only filesystem, like CD-ROM or a write-protected floppy.
> The only way to be really sure is to actually create a file and
> see if it succeeds. But I think that's too much to ask. */
> - if (tmp && access (tmp, D_OK) == 0)
> + if (tmp && sys_access (tmp, D_OK) == 0)
> {
> setenv ("TMPDIR", tmp, 1);
> break;
> @@ -3935,7 +3935,7 @@
> readlink (const char *name, char *dummy1, size_t dummy2)
> {
> /* `access' is much faster than `stat' on MS-DOS. */
> - if (access (name, F_OK) == 0)
> + if (sys_access (name, F_OK) == 0)
> errno = EINVAL;
> return -1;
> }
This part is wrong: the MSDOS build doesn't have sys_access, and
there's nothing wrong with its library's 'access' that would justify
such a replacement. Only the MS-Windows build needs 'sys_access'.
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/12
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/13
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/13
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid,
Eli Zaretskii <=
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/15
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/15
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/15
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/15
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/16