[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#12632: file permissions checking mishandled when setuid
From: |
Paul Eggert |
Subject: |
bug#12632: file permissions checking mishandled when setuid |
Date: |
Sat, 13 Oct 2012 23:16:44 -0700 |
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20121011 Thunderbird/16.0.1 |
On 10/13/2012 12:23 AM, Eli Zaretskii wrote:
> The FIXMEs are OK, but I see no reason for them to come _instead_ of
> comments which explain why 'access' is used instead of 'stat'.
OK, I left those comments alone in the attached revision
of the patch.
> How will the new code work if 'dir' is nil?
'dir' can't be nil there. But this is a separate issue, so I've
omitted that change from the revised patch.
> Also, what about lread.c:openp, around line 1555: doesn't it want
> 'euidaccess' as well, rather than 'stat'?
Sure, we can do that. Done in the revised patch.
> I don't understand why is it a good idea to use 'euidaccess' in
> check_existing. Isn't the fact of the mere existence of a file
> independent of user's access rights?
No, because you cannot even stat a file that's in a directory that you
can't search. Using 'access' rather than 'euidaccess' might
let a setuid Emacs search directories that it shouldn't be able
to search, or vice versa.
euidaccess.txt
Description: Text document
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/12
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/13
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/13
- bug#12632: file permissions checking mishandled when setuid,
Paul Eggert <=
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/14
- bug#12632: file permissions checking mishandled when setuid, Paul Eggert, 2012/10/15
- bug#12632: file permissions checking mishandled when setuid, Eli Zaretskii, 2012/10/15