On 02/23/2012 05:13 PM, Eric Blake wrote:
> On 02/23/2012 04:50 PM, Paul Eggert wrote:
>> On 02/23/2012 03:05 PM, Stefano Lattarini wrote:
>>> +@samp{test -r}. Do not use @samp{test -e} either, because Solaris 10
>>
>> The word "either" should be removed. Otherwise looks OK.
>
> I just thought of another issue worth documenting:
>
> On systems where access(,X_OK) gives bogus results when run as root, it
> is also possible for 'test -x' to give those same bogus results (that
> is, POSIX allows but discourages test -x as root to always succeed,
> where no one can actually execute the file). Also, in the presence of
> ACLs, it is unspecified whether test matches the ACLs or just the stat
> mode bits (POSIX recommends matching the ACLs, but that in turn can be
> surprising when a file mode 0600 owned by someone else passes 'test -r'
> for the current user due to an ACL).
Here's what I'm pushing for the doc side; I'm still working on the shell
probe for a working 'test -x'. I also note that AS_TEST_X is
undocumented, although I don't want to delete it just yet.
From a66fcb0003e6d942dcda5d48860df0cff7e861e3 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@xxxxxxxxxx>
Date: Fri, 24 Feb 2012 20:45:35 -0700
Subject: [PATCH] doc: mention more pitfalls of file mode tests
4.3BSD is museum-ware now, so we can assume that test -x exists;
however, we still can't assume that it always does what we want.
* doc/autoconf.texi (Limitations of Builtins) <test (files)>:
Treat 'test -x' as mostly portable, but mention problems with
root user, ACLs, and TOCTTOU races.
Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
---
doc/autoconf.texi | 22 +++++++++++++++++++---
1 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/doc/autoconf.texi b/doc/autoconf.texi
index 607d8dc..762c455 100644
--- a/doc/autoconf.texi
+++ b/doc/autoconf.texi
@@ -18125,14 +18125,30 @@ Limitations of Builtins
To enable @command{configure} scripts to support cross-compilation, they
shouldn't do anything that tests features of the build system instead of
the host system. But occasionally you may find it necessary to check
-whether some arbitrary file exists. To do so, use @samp{test -f} or
-@samp{test -r}. Do not use @samp{test -x}, because 4.3BSD does not
-have it. Do not use @samp{test -e} either, because Solaris
@command{/bin/sh}
+whether some arbitrary file exists. To do so, use @samp{test -f},
+@samp{test -r}, or @samp{test -x}. Do not use @samp{test -e}, because
+Solaris @command{/bin/sh}
lacks it. To test for symbolic links on systems that have them, use
@samp{test -h} rather than @samp{test -L}; either form conforms to
Posix 1003.1-2001, but older shells like Solaris 8
@code{/bin/sh} support only @option{-h}.
+For historical reasons, Posix reluctantly allows implementations of
+@samp{test -x} that will succeed for the root user, even if no execute
+permissions are present. Furthermore, shells do not all agree on
+whether Access Control Lists should affect @samp{test -r}, @samp{test
+-w}, and @samp{test -x}; some shells base test results strictly on the
+current user id compared to file owner and mode, as if by
+@code{stat(2)}; while other shells base test results on whether the
+current user has the given right, even if that right is only granted by
+an ACL, as if by @code{faccessat(2)}. Furthermore, there is a classic
+time of check to time of use race between any use of @command{test}
+followed by operating on the just-checked file. Therefore, it is a good
+idea to write scripts that actually attempt an operation, and are
+prepared for the resulting failure if permission is denied, rather than
+trying to avoid an operation based solely on whether @command{test}
+guessed that it might be permitted.
+
@item @command{test} (strings)
@c ---------------------------
Posix says that @samp{test "@var{string}"} succeeds if @var{string} is
--
1.7.7.6
--
Eric Blake eblake@xxxxxxxxxx +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Autoconf mailing list Autoconf@xxxxxxx https://lists.gnu.org/mailman/listinfo/autoconf
