all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Paul Eggert <eggert@cs.ucla.edu>
To: Eli Zaretskii <eliz@gnu.org>
Cc: 12632@debbugs.gnu.org
Subject: bug#12632: file permissions checking mishandled when setuid
Date: Sun, 14 Oct 2012 12:42:40 -0700	[thread overview]
Message-ID: <507B15B0.2040802@cs.ucla.edu> (raw)
In-Reply-To: <831uh06gqd.fsf@gnu.org>

On 10/14/2012 11:39 AM, Eli Zaretskii wrote:
> The 'access' man page simply says this:
> 
>    F_OK tests for the existence of the file.
> 
> It says nothing about granting any permissions (unlike when it
> describes R_OK, W_OK, and X_OK).

One always needs search permissions when resolving file names, no matter
what the context, and the 'access' man page doesn't bother to document
that.  Here's an example to illustrate.  Compile the following program
on a GNUish host and put it into a file 'a.out'.

	#define _GNU_SOURCE
	#include <stdio.h>
	#include <unistd.h>
	#include <sys/stat.h>

	static void
	try (char const *file)
	{
	  struct stat st;
	  printf ("%8d %12d %11d    %s\n",
		  access (file, F_OK),
		  euidaccess (file, F_OK),
		  stat (file, &st),
		  file);
	}

	int
	main (int argc, char **argv)
	{
	  printf ("access(F_OK) euidaccess(F_OK) stat() filename\n");
	  while (*++argv)
	    try (*argv);
	  return 0;
	}

Now, make a.out setuid and owned by someone else, and set up
an environment where you're trying to access files in directories
that you cannot search, but the other guy can.  For example:

	$ sudo chown games a.out
	$ sudo chmod u+s a.out
	$ mkdir -m 700 eggert games uucp
	$ touch eggert/foo games/foo uucp/foo
	$ sudo chown games games
	$ sudo chown uucp uucp
	$ sudo ls -ld a.out eggert eggert/foo games games/foo uucp uucp/foo
	-rwsr-sr-x. 1 games  root 7440 Oct 14 12:21 a.out
	drwx------. 2 eggert root 4096 Oct 14 12:15 eggert
	----------. 1 root   root    0 Oct 14 12:15 eggert/foo
	drwx------. 2 games  root 4096 Oct 14 12:15 games
	----------. 1 root   root    0 Oct 14 12:15 games/foo
	drwx------. 2 uucp   root 4096 Oct 14 12:22 uucp
	-rw-r--r--. 1 root   root    0 Oct 14 12:22 uucp/foo
	$ ls -ld a.out eggert eggert/foo games games/foo uucp uucp/foo
	ls: cannot access games/foo: Permission denied
	ls: cannot access uucp/foo: Permission denied
	-rwsr-sr-x. 1 games  root 7440 Oct 14 12:21 a.out
	drwx------. 2 eggert root 4096 Oct 14 12:15 eggert
	----------. 1 root   root    0 Oct 14 12:15 eggert/foo
	drwx------. 2 games  root 4096 Oct 14 12:15 games
	drwx------. 2 uucp   root 4096 Oct 14 12:22 uucp
	$ ./a.out eggert eggert/foo games games/foo uucp uucp/foo
	access(F_OK) euidaccess(F_OK) stat() filename
	       0            0           0    eggert
	       0           -1          -1    eggert/foo
	       0            0           0    games
	      -1            0           0    games/foo
	       0            0           0    uucp
	      -1           -1          -1    uucp/foo

euidaccess always agrees with ls and with stat, whereas
access does not.  We want the semantics of ls and of stat
and of euidaccess, not the semantics of access.

> This part is wrong: the MSDOS build doesn't have sys_access

OK, thanks, I'll leave that part out.






  reply	other threads:[~2012-10-14 19:42 UTC|newest]

Thread overview: 47+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-10-13  1:58 bug#12632: file permissions checking mishandled when setuid Paul Eggert
2012-10-13  7:23 ` Eli Zaretskii
2012-10-13  8:36   ` Eli Zaretskii
2012-10-14  6:16     ` Paul Eggert
2012-10-14  6:56       ` Eli Zaretskii
2012-10-14 18:14         ` Paul Eggert
2012-10-14 18:39           ` Eli Zaretskii
2012-10-14 19:42             ` Paul Eggert [this message]
2012-10-14 20:10               ` Eli Zaretskii
2012-10-14 20:17               ` Eli Zaretskii
2012-10-14 20:40                 ` Paul Eggert
2012-10-14 20:53                   ` Eli Zaretskii
2012-10-15  6:17                     ` Paul Eggert
2012-10-15 17:31                       ` Eli Zaretskii
2012-10-15 21:38                         ` Paul Eggert
2012-10-16  3:46                           ` Eli Zaretskii
2012-10-16  6:00                             ` Paul Eggert
2012-10-16 16:36                               ` Eli Zaretskii
2012-10-19 17:01                                 ` Paul Eggert
2012-10-19 18:41                                   ` Eli Zaretskii
2012-10-19 18:54                                     ` Paul Eggert
2012-10-19 19:05                                       ` Glenn Morris
2012-10-19 19:36                                         ` Paul Eggert
2012-10-20  2:25                                           ` Richard Stallman
2012-10-20  4:36                                             ` Paul Eggert
2012-10-21  1:44                                           ` Glenn Morris
2012-10-21  2:52                                             ` Paul Eggert
2012-10-21  4:24                                               ` Glenn Morris
2012-10-22  6:03                                                 ` Paul Eggert
2012-10-22 17:19                                                   ` Eli Zaretskii
2012-10-22 20:33                                                     ` Paul Eggert
2012-10-22 21:04                                                       ` Eli Zaretskii
2012-10-22 21:30                                                         ` Paul Eggert
2012-10-23  0:40                                                           ` Stefan Monnier
2012-10-23  1:46                                                             ` Paul Eggert
2012-10-23  3:49                                                               ` Eli Zaretskii
2012-10-23  3:47                                                           ` Eli Zaretskii
2012-10-23  5:07                                                             ` Paul Eggert
2012-10-23 16:44                                                               ` Eli Zaretskii
2012-10-23 19:27                                                                 ` Paul Eggert
2012-10-23 19:50                                                                   ` Eli Zaretskii
2012-10-23 20:01                                                                     ` Paul Eggert
2012-10-23 23:15                                                                   ` Andy Moreton
2012-10-24  3:51                                                                     ` Eli Zaretskii
2012-10-19 19:10                                       ` Eli Zaretskii
2012-11-13  2:19 ` bug#12632: updated version of the patch Paul Eggert
2012-11-14  5:10   ` Paul Eggert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=507B15B0.2040802@cs.ucla.edu \
    --to=eggert@cs.ucla.edu \
    --cc=12632@debbugs.gnu.org \
    --cc=eliz@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.