Re: [FYI] {master} maint: assume 'test -x' is portable
From: Eric Blake
Subject: Re: [FYI] {master} maint: assume 'test -x' is portable
Date: Fri, 24 Feb 2012 20:48:07 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.1) Gecko/20120209 Thunderbird/10.0.1
On 02/23/2012 05:13 PM, Eric Blake wrote:
> On 02/23/2012 04:50 PM, Paul Eggert wrote:
>> On 02/23/2012 03:05 PM, Stefano Lattarini wrote:
>>> address@hidden -r}. Do not use @samp{test -e} either, because Solaris 10
>>
>> The word "either" should be removed. Otherwise looks OK.
>
> I just thought of another issue worth documenting:
>
> On systems where access(,X_OK) gives bogus results when run as root, it
> is also possible for 'test -x' to give those same bogus results (that
> is, POSIX allows but discourages test -x as root to always succeed,
> where no one can actually execute the file). Also, in the presence of
> ACLs, it is unspecified whether test matches the ACLs or just the stat
> mode bits (POSIX recommends matching the ACLs, but that in turn can be
> surprising when a file mode 0600 owned by someone else passes 'test -r'
> for the current user due to an ACL).
Here's what I'm pushing for the doc side; I'm still working on the shell
probe for a working 'test -x'. I also note that AS_TEST_X is
undocumented, although I don't want to delete it just yet.
From a66fcb0003e6d942dcda5d48860df0cff7e861e3 Mon Sep 17 00:00:00 2001
From: Eric Blake <address@hidden>
Date: Fri, 24 Feb 2012 20:45:35 -0700
Subject: [PATCH] doc: mention more pitfalls of file mode tests
4.3BSD is museum-ware now, so we can assume that test -x exists;
however, we still can't assume that it always does what we want.
* doc/autoconf.texi (Limitations of Builtins) <test (files)>:
Treat 'test -x' as mostly portable, but mention problems with
root user, ACLs, and TOCTTOU races.
Signed-off-by: Eric Blake <address@hidden>
---
doc/autoconf.texi | 22 +++++++++++++++++++---
1 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/doc/autoconf.texi b/doc/autoconf.texi
index 607d8dc..762c455 100644
--- a/doc/autoconf.texi
+++ b/doc/autoconf.texi
@@ -18125,14 +18125,30 @@ Limitations of Builtins
To enable @command{configure} scripts to support cross-compilation, they
shouldn't do anything that tests features of the build system instead of
the host system. But occasionally you may find it necessary to check
-whether some arbitrary file exists. To do so, use @samp{test -f} or
address@hidden -r}. Do not use @samp{test -x}, because 4.3BSD does not
-have it. Do not use @samp{test -e} either, because Solaris
@command{/bin/sh}
+whether some arbitrary file exists. To do so, use @samp{test -f},
address@hidden -r}, or @samp{test -x}. Do not use @samp{test -e}, because
+Solaris @command{/bin/sh}
lacks it. To test for symbolic links on systems that have them, use
@samp{test -h} rather than @samp{test -L}; either form conforms to
Posix 1003.1-2001, but older shells like Solaris 8
@code{/bin/sh} support only @option{-h}.
+For historical reasons, Posix reluctantly allows implementations of
address@hidden -x} that will succeed for the root user, even if no execute
+permissions are present. Furthermore, shells do not all agree on
+whether Access Control Lists should affect @samp{test -r}, @samp{test
+-w}, and @samp{test -x}; some shells base test results strictly on the
+current user id compared to file owner and mode, as if by
address@hidden(2)}; while other shells base test results on whether the
+current user has the given right, even if that right is only granted by
+an ACL, as if by @code{faccessat(2)}. Furthermore, there is a classic
+time of check to time of use race between any use of @command{test}
+followed by operating on the just-checked file. Therefore, it is a good
+idea to write scripts that actually attempt an operation, and are
+prepared for the resulting failure if permission is denied, rather than
+trying to avoid an operation based solely on whether @command{test}
+guessed that it might be permitted.
+
@item @command{test} (strings)
@c ---------------------------
Posix says that @samp{test "@var{string}"} succeeds if @var{string} is
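Review bot: The rewritten opening sentence now lists @samp{test -x} next to @samp{test -f} and @samp{test -r} as a way to check "whether some arbitrary file exists", but the paragraph added lower in the same hunk says it may succeed for root with no execute permissions present and may or may not honor ACLs. A reader who stops at the first paragraph gets the recommendation without the caveat, so consider qualifying that sentence or pointing forward to the new paragraph. As a style point, two consecutive sentences in the new paragraph open with "Furthermore"; "Finally" would read better for the race sentence. The closing advice to attempt the operation and handle failure would also be easier to apply with a short @example showing the pattern.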
--
1.7.7.6
--
Eric Blake address@hidden +1-919-301-3266
Libvirt virtualization library http://libvirt.org
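
The root and ACL caveats discussed in this message mean that 'test -x' is only a prediction of whether a file can be executed. As an added example (not from this message or from Autoconf), the script below attempts the command and classifies the shell's exit status instead; `try_run` and `predicted` are hypothetical helper names and the sample files are constructed.

```shell
#!/bin/sh
# Added example: act on the result of the attempt, not on what 'test -x' predicted.

# try_run CMD [ARGS...]: run CMD and classify the outcome from the exit status.
# POSIX shells report 126 for "found but could not be executed" and 127 for
# "not found". A program that itself exits 126 or 127 cannot be told apart
# from those cases through the exit status alone.
try_run() {
  status=0
  "$@" >/dev/null 2>&1 || status=$?
  case $status in
    0)   echo ok ;;
    126) echo denied ;;
    127) echo missing ;;
    *)   echo "failed:$status" ;;
  esac
}

# predicted FILE: what 'test -x' claims, kept only for comparison.
# As root or with ACLs in play, this answer can differ from the real outcome.
predicted() {
  if test -x "$1"; then echo yes; else echo no; fi
}

# Constructed sample: a script with no execute bits, plus a path that is absent.
demo_dir=$(mktemp -d) || exit 1
trap 'rm -rf "$demo_dir"' EXIT
printf '#!/bin/sh\nexit 0\n' > "$demo_dir/noexec.sh"
chmod 0644 "$demo_dir/noexec.sh"

for f in "$demo_dir/noexec.sh" "$demo_dir/absent.sh"; do
  printf '%s: test -x says %s, attempt says %s\n' \
    "${f##*/}" "$(predicted "$f")" "$(try_run "$f")"
done
```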