Eric Paris wrote:
> If a process calls access("/etc/shadow", R_OK) I claim
> that we darn sure better return the same result that open("/etc/shadow",
> O_RDONLY) would return. I'm guessing noone is going to argue that
> point.
This is actually wrong in general - and I see that several posters
have repeated it as if it's a fact.
Since the days prior to the new-fangled security models, access() is
supposed to calculate access for the _real_ user and group of the
process doing the access, whereas open() uses the _effective_ user and
group.
It is one of the things access() is useful for, in setuid/setgid programs.
It should be quite obvious that there are corresponding concepts in
modern security models, such as delegated authority, capabilities
etc. which possibly ought to apply to access(), and which possibly
affect how it's audited.
-- Jamie
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
