From: Eli Zaretskii <eliz@gnu.org>
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: 12632@debbugs.gnu.org
Subject: bug#12632: file permissions checking mishandled when setuid
Date: Sun, 14 Oct 2012 20:39:06 +0200 [thread overview]
Message-ID: <831uh06gqd.fsf@gnu.org> (raw)
In-Reply-To: <507B010F.20105@cs.ucla.edu>
> Date: Sun, 14 Oct 2012 11:14:39 -0700
> From: Paul Eggert <eggert@cs.ucla.edu>
> CC: 12632@debbugs.gnu.org
>
> > Emacs should be able to test whether a file exists even if it
> > will be unable to access it later.
>
> Emacs cannot do that. What 'access' does is ask, "If Emacs were
> to issue the seteuid system call, and change the effective user
> ID to the real user ID, would Emacs then be able to see that the
> file exists?" This does not test whether the file exists; it tests
> only whether Emacs could see that the file exists in a hypothetical
> situation that never actually happens (because Emacs never issues
> the seteuid system call). But this isn't what is wanted here:
> what is wanted is a test whether Emacs can currently see that the
> file exists, and that is what euidaccess does.
I can't argue with you, because you seem to bring arguments out of
some inner knowledge. The 'access' man page simply says this:
F_OK tests for the existence of the file.
It says nothing about granting any permissions (unlike when it
describes R_OK, W_OK, and X_OK).
> === modified file 'src/msdos.c'
> --- src/msdos.c 2012-09-23 08:44:20 +0000
> +++ src/msdos.c 2012-10-14 18:06:01 +0000
> @@ -3557,7 +3557,7 @@
> read-only filesystem, like CD-ROM or a write-protected floppy.
> The only way to be really sure is to actually create a file and
> see if it succeeds. But I think that's too much to ask. */
> - if (tmp && access (tmp, D_OK) == 0)
> + if (tmp && sys_access (tmp, D_OK) == 0)
> {
> setenv ("TMPDIR", tmp, 1);
> break;
> @@ -3935,7 +3935,7 @@
> readlink (const char *name, char *dummy1, size_t dummy2)
> {
> /* `access' is much faster than `stat' on MS-DOS. */
> - if (access (name, F_OK) == 0)
> + if (sys_access (name, F_OK) == 0)
> errno = EINVAL;
> return -1;
> }
This part is wrong: the MSDOS build doesn't have sys_access, and
there's nothing wrong with its library's 'access' that would justify
such a replacement. Only the MS-Windows build needs 'sys_access'.
next prev parent reply other threads:[~2012-10-14 18:39 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-13 1:58 bug#12632: file permissions checking mishandled when setuid Paul Eggert
2012-10-13 7:23 ` Eli Zaretskii
2012-10-13 8:36 ` Eli Zaretskii
2012-10-14 6:16 ` Paul Eggert
2012-10-14 6:56 ` Eli Zaretskii
2012-10-14 18:14 ` Paul Eggert
2012-10-14 18:39 ` Eli Zaretskii [this message]
2012-10-14 19:42 ` Paul Eggert
2012-10-14 20:10 ` Eli Zaretskii
2012-10-14 20:17 ` Eli Zaretskii
2012-10-14 20:40 ` Paul Eggert
2012-10-14 20:53 ` Eli Zaretskii
2012-10-15 6:17 ` Paul Eggert
2012-10-15 17:31 ` Eli Zaretskii
2012-10-15 21:38 ` Paul Eggert
2012-10-16 3:46 ` Eli Zaretskii
2012-10-16 6:00 ` Paul Eggert
2012-10-16 16:36 ` Eli Zaretskii
2012-10-19 17:01 ` Paul Eggert
2012-10-19 18:41 ` Eli Zaretskii
2012-10-19 18:54 ` Paul Eggert
2012-10-19 19:05 ` Glenn Morris
2012-10-19 19:36 ` Paul Eggert
2012-10-20 2:25 ` Richard Stallman
2012-10-20 4:36 ` Paul Eggert
2012-10-21 1:44 ` Glenn Morris
2012-10-21 2:52 ` Paul Eggert
2012-10-21 4:24 ` Glenn Morris
2012-10-22 6:03 ` Paul Eggert
2012-10-22 17:19 ` Eli Zaretskii
2012-10-22 20:33 ` Paul Eggert
2012-10-22 21:04 ` Eli Zaretskii
2012-10-22 21:30 ` Paul Eggert
2012-10-23 0:40 ` Stefan Monnier
2012-10-23 1:46 ` Paul Eggert
2012-10-23 3:49 ` Eli Zaretskii
2012-10-23 3:47 ` Eli Zaretskii
2012-10-23 5:07 ` Paul Eggert
2012-10-23 16:44 ` Eli Zaretskii
2012-10-23 19:27 ` Paul Eggert
2012-10-23 19:50 ` Eli Zaretskii
2012-10-23 20:01 ` Paul Eggert
2012-10-23 23:15 ` Andy Moreton
2012-10-24 3:51 ` Eli Zaretskii
2012-10-19 19:10 ` Eli Zaretskii
2012-11-13 2:19 ` bug#12632: updated version of the patch Paul Eggert
2012-11-14 5:10 ` Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=831uh06gqd.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=12632@debbugs.gnu.org \
--cc=eggert@cs.ucla.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).