Hi Denys,

On 02/11/2015 02:34 PM, Denys Vlasenko wrote:
> Hi Michael,
>
> On 02/05/2015 11:44 AM, Michael Kerrisk (man-pages) wrote:
>> On 09/10/2014 03:01 PM, Denys Vlasenko wrote:
>>> We have users who are terribly confused why their binaries
>>> with CAP_DAC_OVERRIDE capability see EACCES from access() calls,
>>> but are able to read the file.
>>>
>>> The reason is access() isn't the "can I read/write/execute this file?"
>>> question, it is the "(assuming that I'm a setuid binary,) can *the user
>>> who invoked me* read/write/execute this file?" question.
>>>
>>> That's why it uses real UIDs as documented, and why it ignores
>>> capabilities when capability-endowed binaries are run by non-root
>>> (this patch adds this information).
>>>
>>> To make users more likely to notice this less-known detail,
>>> the patch expands the explanation with rationale for this logic
>>> into a separate paragraph.
>>
>> Thanks, Denys. Applied.
>
> I don't see it in git://git.kernel.org/pub/scm/docs/man-pages/man-pages.git

Currently, I have it in a local branch. You'll get a mail when it's
released.

Thanks,

Michael

--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/