unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
blob c0d6a2196542596907016a8d51656c9cd1c477a6 1556 bytes (raw)
name: gnu/packages/patches/nvi-exrc-writability-check.patch 	 # note: path name is non-authoritative(*)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
This patch originates from the Debian project, see https://www.debian.org/

21exrc_writability_check.dpatch by  <hesso@pool.math.tu-berlin.de>


Improve writability checking.

diff -Naur nvi-1.81.6.orig/ex/ex_init.c nvi-1.81.6/ex/ex_init.c
--- nvi-1.81.6.orig/ex/ex_init.c	2007-11-18 17:41:42.000000000 +0100
+++ nvi-1.81.6/ex/ex_init.c	2008-05-01 18:24:45.000000000 +0200
@@ -26,6 +26,9 @@
 #include <string.h>
 #include <unistd.h>
 
+#include <pwd.h>
+#include <grp.h>
+
 #include "../common/common.h"
 #include "tag.h"
 #include "pathnames.h"
@@ -346,6 +349,9 @@
 	int nf1, nf2;
 	char *a, *b, buf[MAXPATHLEN];
 
+	struct group *grp_p;
+	struct passwd *pwd_p;
+
 	/* Check for the file's existence. */
 	if (stat(path, sbp))
 		return (NOEXIST);
@@ -359,10 +365,30 @@
 	}
 
 	/* Check writeability. */
-	if (sbp->st_mode & (S_IWGRP | S_IWOTH)) {
+	if (sbp->st_mode & S_IWOTH) {
 		etype = WRITER;
 		goto denied;
 	}
+	if (sbp->st_mode & S_IWGRP) {
+		/* on system error (getgrgid or getpwnam return NULL) set etype to WRITER
+		 * and continue execution */
+		if( (grp_p = getgrgid(sbp->st_gid)) == NULL) {
+			etype = WRITER;
+			goto denied;
+		}
+
+		/* lookup the group members' uids for an uid different from euid */
+		while( ( *(grp_p->gr_mem) ) != NULL) { /* gr_mem is a null-terminated array */
+			if( (pwd_p = getpwnam(*(grp_p->gr_mem)++)) == NULL) {
+				etype = WRITER;
+				goto denied;
+			}
+			if(pwd_p->pw_uid != euid) {
+				etype = WRITER;
+				goto denied;
+			}
+		}
+	}
 	return (RCOK);
 
 denied:	a = msg_print(sp, path, &nf1);

debug log:

solving c0d6a21 ...
found c0d6a21 in https://yhetil.org/guix-devel/54BE9C68.9070103@gmail.com/

applying [1/1] https://yhetil.org/guix-devel/54BE9C68.9070103@gmail.com/
diff --git a/gnu/packages/patches/nvi-exrc-writability-check.patch b/gnu/packages/patches/nvi-exrc-writability-check.patch
new file mode 100644
index 0000000..c0d6a21

1:20: trailing whitespace.
 
1:28: space before tab in indent.
 	int nf1, nf2;
1:29: space before tab in indent.
 	char *a, *b, buf[MAXPATHLEN];
1:30: trailing whitespace.
 
1:34: space before tab in indent.
 	/* Check for the file's existence. */
Checking patch gnu/packages/patches/nvi-exrc-writability-check.patch...
Applied patch gnu/packages/patches/nvi-exrc-writability-check.patch cleanly.
warning: squelched 10 whitespace errors
warning: 15 lines add whitespace errors.

index at:
100644 c0d6a2196542596907016a8d51656c9cd1c477a6	gnu/packages/patches/nvi-exrc-writability-check.patch

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).