On Tue, Sep 27, 2011 at 06:19:06PM -0500, Jonathan Nieder wrote: > POSIX.1-2008 §4.4 "File Access Permission" sayeth: > > If execute permission is requested, access shall be granted > if execute permission is granted to at least one user by the > file permission bits or by an alternate access control > mechanism; otherwise, access shall be denied. > > For historical reasons, POSIX unfortunately also allows access() and > faccessat() to return success for X_OK if the current process is > privileged, even when the above condition is not fulfilled and actual > execution would fail. On the affected platforms, "test -x <path>" as > root started returning true on nonexecutable files when dash switched > from its own emulation to the true faccessat in v0.5.7~54 > (2010-04-02). > > Work around this by checking the permissions bits when mode == X_OK > and geteuid() == 0 on such platforms. > > Unfortunately the behavior seems to vary from one kernel version to > another, so we cannot just check the behavior at compile time and rely > on that. A survey of some affected kernels: > > - NetBSD's kernel moved to the sane semantics in 1997 > - OpenBSD's kernel made the same change in version 4.4, three years > ago > - FreeBSD 9's kernel fixes this but hasn't been released yet > > It seems safe to only apply the workaround on systems using the > FreeBSD kernel for now, and to push for standardization on the > expected access()/faccessat() semantics so we can drop the workaround > altogether in a few years. > > To try it on other platforms, use "./configure --enable-test-workaround". > > Reported-by: Christoph Egger <christoph@xxxxxxxxxx> > Analysis-by: Petr Salinger <Petr.Salinger@xxxxxxxxx> > Signed-off-by: Jonathan Nieder <jrnieder@xxxxxxxxx> This patch seems to have slipped through the cracks. Nevertheless it is now applied. Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe dash" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] [BUILTIN] Fix "test -x" as root on FreeBSD 8
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [PATCH v2] [BUILTIN] Fix "test -x" as root on FreeBSD 8
- From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 17 Nov 2014 22:49:46 +0800
- Cc: dash@xxxxxxxxxxxxxxx, Christoph Egger <christoph@xxxxxxxxxx>, Petr Salinger <Petr.Salinger@xxxxxxxxx>
- In-reply-to: <20110927231906.GC19549@elie>
- User-agent: Mutt/1.5.21 (2010-09-15)
- References:
- [PATCH] [BUILTIN] Make "test -x" sane again when run as root
- From: Jonathan Nieder
- Re: [PATCH] [BUILTIN] Make "test -x" sane again when run as root
- From: Jonathan Nieder
- Re: [PATCH] [BUILTIN] Make "test -x" sane again when run as root
- From: Herbert Xu
- [PATCH v2] [BUILTIN] Fix "test -x" as root on FreeBSD 8
- From: Jonathan Nieder
- [PATCH] [BUILTIN] Make "test -x" sane again when run as root
- Prev by Date: Re: 'man dash' typo: "the shell .... proceed onto"
- Next by Date: command substitutions in $PS4
- Previous by thread: [PATCH v2] [BUILTIN] Fix "test -x" as root on FreeBSD 8
- Next by thread: evaluation of env variables in DASH
- Index(es):
 |