bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#12632: file permissions checking mishandled when setuid

From: Eli Zaretskii
Subject: bug#12632: file permissions checking mishandled when setuid
Date: Sat, 13 Oct 2012 09:23:02 +0200 
> Date: Fri, 12 Oct 2012 18:58:14 -0700
> From: Paul Eggert <eggert@cs.ucla.edu>
> CC: Eli Zaretskii <eliz@gnu.org>
> 
> This patch has a four FIXMEs indicating where the code could
> most likely be cleaned up on DOS_NT platforms.  The patch
> should work fine as-is on DOS_NT, but it'd be nicer if the
> DOS_NT support could supply an euidaccess function to allow
> simplifying the mainline code.  I'll CC: this bug report to
> Eli to give him a heads-up.

The FIXMEs are OK, but I see no reason for them to come _instead_ of
comments which explain why 'access' is used instead of 'stat'.  Those
comments should be removed only when 'euidaccess' is implemented for
those platforms.

Regarding this hunk:

> @@ -2626,8 +2594,7 @@
>       should check ACLs though, which do affect this.  */
>    return (access (SDATA (dir), D_OK) < 0) ? Qnil : Qt;
>  #else
> -  return (check_writable (!NILP (dir) ? SSDATA (dir) : "")
> -       ? Qt : Qnil);
> +  return check_writable (SSDATA (dir)) ? Qt : Qnil;
>  #endif

How will the new code work if 'dir' is nil?

Also, what about lread.c:openp, around line 1555: doesn't it want
'euidaccess' as well, rather than 'stat'?  I think using 'euidaccess'
there will allow a further optimization, in that the call to 'stat' is
not needed at all, because right below it we call either 'access' or
'emacs_open'.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]