On Tue, Jan 12, 2016 at 12:14:26AM +0000, Nick Alcock wrote:
> > If a permission check will be applied, then please with access() not
> > mode bits.
>
> Yeah. I mean, using access() is racy, but to be honest with *font file
> directories* that is probably not really a problem.

Exactly.

> (The canonical
> approach for these things, which is to just try to open() it with the
> requested mode and see if it fails, doesn't really work too well for
> O_RDWR on directories.)

A "sure" check would be to try to create a file, which looks
unnecessarily intrusive to me.

Moreover this can be _really_ expensive on some file systems/scenarios.
Even if we'd avoid stat()-ing all the files, testing multiple writable
directories could take a long time.

In any case, such a check should not be necessary - indeed fontconfig
ought to be fine with the old behaviour, checking whether the directory
contents have changed, not the files themselves (i.e. ignoring the cases
when you rewrite font files in-place, as long as this limitation is
mentioned somewhere).

> > As soon as there are ACLs on the file system, the mode bits are broken
> > and plainly "wrong".
>
> Also with setuid/setgid, LSMs, etc. It is generally a mistake to try to
> interpret mode bits programmatically at all.

Nevertheless even some widely deployed and critical programs do this.
OpenSSH for example, without any switch to turn off the "safety net
heuristics" when it becomes nonsense.

Regards,
Rune