On 12 Jan 2016, u-pnrz@xxxxxxxx stated: > On Tue, Jan 12, 2016 at 12:14:26AM +0000, Nick Alcock wrote: >> > As soon as there are ACLs on the file system, the mode bits are broken >> > and plainly "wrong". >> >> Also with setuid/setgid, LSMs, etc. It is generally a mistake to try to >> interpret mode bits programmatically at all. > > Nevertheless even some widely deployed and critical programs do this. > Openssh for example, without any switch to turn off the "safety net > heuristics" when it becomes nonsence. OpenSSH is one of the few examples where it is almost justified, because it's trying to determine if *another user* can access the files in question. The only way to do this 'right' would be to fork a setuid nobody process and let it try to open the file, which seems an extremely expensive thing to do on every connection. (Or to have a setuid nobody persistent child of the main sshd which did the work, I suppose -- but even *that* might be fooled by networked filesystems, which might deny access to the checking process running on *this* machine but allow it to other users. Mind you, the current implementation falls into this trap anyway: ACLs, as you mention... anyway, this is all more or less off topic on this list.) -- NULL && (void) _______________________________________________ Fontconfig mailing list Fontconfig@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/fontconfig
