According to Herbert Xu on 2/13/2010 11:11 PM: > Eric Blake <ebb9@xxxxxxx> wrote: >> This report was originally raised on the cygwin list: >> >> http://cygwin.com/ml/cygwin/2010-02/msg00239.html >> >> In short, in the presence of ACLs, dash's implementation of test -r, test -w, >> and test -x gives incorrect answers, when the current user has permissions to >> access a file that were granted by ACLs but not by the current stat() >> permissions. dash should be using faccessat(,AT_EACCESS) (or >> eaccess/euidaccess) if available, rather than stat(), to determine whether a >> file is accessible. > > What does bash to in this case? The bash source code shows the following: In test.c, unary_test() calls sh_eaccess for test -r, -w, and -x. In lib/sh/eaccess.c, bash currently uses: int sh_eaccess (path, mode) char *path; int mode; { if (path_is_devfd (path)) return (sh_stataccess (path, mode)); #if defined (HAVE_EACCESS) /* FreeBSD */ return (eaccess (path, mode)); #elif defined (EFF_ONLY_OK) /* SVR4(?), SVR4.2 */ return access (path, mode|EFF_ONLY_OK); #else if (mode == F_OK) return (sh_stataccess (path, mode)); # if HAVE_DECL_SETREGID if (current_user.uid != current_user.euid || current_user.gid != current_user.egid) return (sh_euidaccess (path, mode)); # endif if (current_user.uid == current_user.euid && current_user.gid == current_user.egid) return (access (path, mode)); return (sh_stataccess (path, mode)); #endif } But this could probably be improved to take advantage of the standardized faccessat(path,mode,AT_EACCESS) in the case where that exists. Furthermore, the link to the post on the cygwin list shows that bash, zsh, and pdksh all honored ACLs, and that dash is the odd man out for not recognizing when the current user has rights due to ACLs that are not visible through the stat mode bits. Finally, it is worth pointing out that on at least cygwin, faccessat and friends are faster than stat. Do you want me to prepare the patch? -- Don't work too hard, make some time for fun as well! Eric Blake ebb9@xxxxxxx -- To unsubscribe from this list: send the line "unsubscribe dash" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: test -x should use faccessat, not stat
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: test -x should use faccessat, not stat
- From: Eric Blake <ebb9@xxxxxxx>
- Date: Mon, 15 Feb 2010 06:31:14 -0700
- Cc: dash@xxxxxxxxxxxxxxx
- In-reply-to: <20100214061137.GA9882@xxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23 Mnenhy/0.7.6.666
- Follow-Ups:
- Re: test -x should use faccessat, not stat
- From: Herbert Xu
- Re: test -x should use faccessat, not stat
- References:
- Re: test -x should use faccessat, not stat
- From: Herbert Xu
- Re: test -x should use faccessat, not stat
- Prev by Date: Re: test -x should use faccessat, not stat
- Next by Date: Re: test -x should use faccessat, not stat
- Previous by thread: Re: test -x should use faccessat, not stat
- Next by thread: Re: test -x should use faccessat, not stat
- Index(es):
 |