From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.bugs Subject: bug#12632: file permissions checking mishandled when setuid Date: Mon, 22 Oct 2012 13:33:34 -0700 Message-ID: <5085AD9E.7040701@cs.ucla.edu> References: <5078CAB6.7020509@cs.ucla.edu> <83fw5h5yo6.fsf@gnu.org> <507B010F.20105@cs.ucla.edu> <831uh06gqd.fsf@gnu.org> <507B15B0.2040802@cs.ucla.edu> <83txtw4xmk.fsf@gnu.org> <507B2354.3030408@cs.ucla.edu> <83sj9g4vy7.fsf@gnu.org> <507BAA6C.2000601@cs.ucla.edu> <83lif74p78.fsf@gnu.org> <507C823D.40304@cs.ucla.edu> <83d30j3wqg.fsf@gnu.org> <507CF802.6000305@cs.ucla.edu> <83a9vm4bmv.fsf@gnu.org> <50818763.80501@cs.ucla.edu> <83wqymz4me.fsf@gnu.org> <5081A1DF.9000009@cs.ucla.edu> <5081ABD6.9060002@cs.ucla.edu> <23r4osd2f9.fsf@fencepost.gnu.org> <50836366.6080600@cs.ucla.edu> <5084E1B2.2020105@cs.ucla.edu> <83ipa2ctl2.fsf@gnu.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1350938059 28569 80.91.229.3 (22 Oct 2012 20:34:19 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 22 Oct 2012 20:34:19 +0000 (UTC) Cc: 12632@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Oct 22 22:34:27 2012 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1TQOhd-0000qf-6M for geb-bug-gnu-emacs@m.gmane.org; Mon, 22 Oct 2012 22:34:25 +0200 Original-Received: from localhost ([::1]:39136 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TQOhV-0002cS-8Z for geb-bug-gnu-emacs@m.gmane.org; Mon, 22 Oct 2012 16:34:17 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:39183) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TQOhT-0002cN-LO for bug-gnu-emacs@gnu.org; Mon, 22 Oct 2012 16:34:16 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TQOhS-0000NQ-Jd for bug-gnu-emacs@gnu.org; Mon, 22 Oct 2012 16:34:15 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:46052) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TQOhS-0000NJ-GN for bug-gnu-emacs@gnu.org; Mon, 22 Oct 2012 16:34:14 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72) (envelope-from ) id 1TQOjC-0005Qz-8Z for bug-gnu-emacs@gnu.org; Mon, 22 Oct 2012 16:36:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Paul Eggert Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 22 Oct 2012 20:36:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 12632 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security patch Original-Received: via spool by 12632-submit@debbugs.gnu.org id=B12632.135093813220854 (code B ref 12632); Mon, 22 Oct 2012 20:36:02 +0000 Original-Received: (at 12632) by debbugs.gnu.org; 22 Oct 2012 20:35:32 +0000 Original-Received: from localhost ([127.0.0.1]:56303 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1TQOii-0005QJ-J1 for submit@debbugs.gnu.org; Mon, 22 Oct 2012 16:35:32 -0400 Original-Received: from smtp.cs.ucla.edu ([131.179.128.62]:44609) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1TQOif-0005Q5-Gx for 12632@debbugs.gnu.org; Mon, 22 Oct 2012 16:35:30 -0400 Original-Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp.cs.ucla.edu (Postfix) with ESMTP id 90D6DA60006; Mon, 22 Oct 2012 13:33:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu Original-Received: from smtp.cs.ucla.edu ([127.0.0.1]) by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FXB810fB1oGF; Mon, 22 Oct 2012 13:33:35 -0700 (PDT) Original-Received: from penguin.cs.ucla.edu (Penguin.CS.UCLA.EDU [131.179.64.200]) by smtp.cs.ucla.edu (Postfix) with ESMTPSA id 1FCA4A60002; Mon, 22 Oct 2012 13:33:35 -0700 (PDT) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121016 Thunderbird/16.0.1 In-Reply-To: <83ipa2ctl2.fsf@gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:65872 Archived-At: On 10/22/2012 10:19 AM, Eli Zaretskii wrote: > My reading of Posix is that this should set errno to EBADF, not > EINVAL. Thanks, I'll fix that. >> + /* Normally a file F is an accessible directory if F/. is accessible. >> + But omit the "/." if F is empty, as "" is not "/."; and omit the >> + "/" if F ends in "/", as on some platforms "/" != "//". */ >> + if (len) >> + { >> + char *buf = SAFE_ALLOCA (len + 3); >> + memcpy (buf, file, len); >> + strcpy (buf + len, "/." + (file[len - 1] == '/')); >> + file = buf; >> + } > > I think this should use IS_DIRECTORY_SEP instead of a literal '/'. It should work as-is, no? It's true that on Windows, backslash is also a directory separator. But I don't see any harm done if we append '/.' to a file name that ends in backslash. For example, if the file name is 'FOO\' and we append '/.' to make it 'FOO\/.', the test should succeed if FOO is a searchable directory and should fail otherwise, which is what is wanted here. Another way to put it is that the test against trailing slash is only for the benefit of platforms where '/' != '//', and Windows is not such a platform.