[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#12632: file permissions checking mishandled when setuid
From: |
Paul Eggert |
Subject: |
bug#12632: file permissions checking mishandled when setuid |
Date: |
Sun, 14 Oct 2012 12:42:40 -0700 |
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20121011 Thunderbird/16.0.1 |
On 10/14/2012 11:39 AM, Eli Zaretskii wrote:
> The 'access' man page simply says this:
>
> F_OK tests for the existence of the file.
>
> It says nothing about granting any permissions (unlike when it
> describes R_OK, W_OK, and X_OK).
One always needs search permissions when resolving file names, no matter
what the context, and the 'access' man page doesn't bother to document
that. Here's an example to illustrate. Compile the following program
on a GNUish host and put it into a file 'a.out'.
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>
static void
try (char const *file)
{
struct stat st;
printf ("%8d %12d %11d %s\n",
access (file, F_OK),
euidaccess (file, F_OK),
stat (file, &st),
file);
}
int
main (int argc, char **argv)
{
printf ("access(F_OK) euidaccess(F_OK) stat() filename\n");
while (*++argv)
try (*argv);
return 0;
}
Now, make a.out setuid and owned by someone else, and set up
an environment where you're trying to access files in directories
that you cannot search, but the other guy can. For example:
$ sudo chown games a.out
$ sudo chmod u+s a.out
$ mkdir -m 700 eggert games uucp
$ touch eggert/foo games/foo uucp/foo
$ sudo chown games games
$ sudo chown uucp uucp
$ sudo ls -ld a.out eggert eggert/foo games games/foo uucp uucp/foo
-rwsr-sr-x. 1 games root 7440 Oct 14 12:21 a.out
drwx------. 2 eggert root 4096 Oct 14 12:15 eggert
----------. 1 root root 0 Oct 14 12:15 eggert/foo
drwx------. 2 games root 4096 Oct 14 12:15 games
----------. 1 root root 0 Oct 14 12:15 games/foo
drwx------. 2 uucp root 4096 Oct 14 12:22 uucp
-rw-r--r--. 1 root root 0 Oct 14 12:22 uucp/foo
$ ls -ld a.out eggert eggert/foo games games/foo uucp uucp/foo
ls: cannot access games/foo: Permission denied
ls: cannot access uucp/foo: Permission denied
-rwsr-sr-x. 1 games root 7440 Oct 14 12:21 a.out
drwx------. 2 eggert root 4096 Oct 14 12:15 eggert
----------. 1 root root 0 Oct 14 12:15 eggert/foo
drwx------. 2 games root 4096 Oct 14 12:15 games
drwx------. 2 uucp root 4096 Oct 14 12:22 uucp
$ ./a.out eggert eggert/foo games games/foo uucp uucp/foo
access(F_OK) euidaccess(F_OK) stat() filename
0 0 0 eggert
0 -1 -1 eggert/foo
0 0 0 games
-1 0 0 games/foo
0 0 0 uucp
-1 -1 -1 uucp/foo
euidaccess always agrees with ls and with stat, whereas
access does not. We want the semantics of ls and of stat
and of euidaccess, not the semantics of access.
> This part is wrong: the MSDOS build doesn't have sys_access
OK, thanks, I'll leave that part out.
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/12
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/13
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/13
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid,
Paul Eggert <=
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/15
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/15
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/15
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/15
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/16
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/16