Re: Built-in "test -x" fails for root on FreeBSD

From: Eric Blake
Subject: Re: Built-in "test -x" fails for root on FreeBSD
Date: Mon, 29 Mar 2010 10:42:42 -0600
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100301 Fedora/3.0.3-1.fc12 Lightning/1.0b1 Thunderbird/3.0.3

On 03/29/2010 10:36 AM, Johan Hattne wrote:
>> It also states for faccessat (eaccess is a non-portable interface
>> comparable to the standardized faccessat):
> But faccessat() does not really have anything to do with test?

test(1) should be implemented using faccessat(2) or equivalent, in order
to properly honor ACLs.  On systems that lack faccessat, then eaccess()
is a good fallback.

>> Therefore, it is perfectly acceptable for the root user to claim that a
>> file is executable, as reported by eaccess, even if none of the file
>> permission bits grant such permission.
> Yes, but test should still return false if the file isn't executable by
> anybody on the system.

If eaccess() lies and returns true even though the file is not
executable by anybody on the system (including the superuser), then that
is a bug in eaccess(), not in test(1).

>> This patch fails to take into account ACLs, which is one of the reasons
>> that faccessat was standardized.
> But faccessat() is equivalent to access() except in the case where the
> path is relative?

faccessat(AT_FDCWD, name, mode, 0) is equivalent to access(name, mode),
regardless of whether name is relative (it differs from access only
when the first argument is not AT_FDCWD and when name is relative).
faccessat(AT_FDCWD, name, mode, AT_EACCESS) is equivalent to eaccess
(name, mode).  test(1) should use faccessat(AT_FDCWD, name, mode,

>  Regarding ACLs, I'm not sure they're checked on any
> other operating system either.

YES THEY ARE.  Cygwin is proof of a system that has _properly_
implemented faccessat() in the face of ACLs.  It is _entirely_ possible
for stat() to claim that a file cannot be accessed by the owner, group,
or world, but where ACLs show that the current effective id _can_
execute it, and that is the case that faccessat is designed to detect,
which must then be fed into test -x.

>  As far as I can see from bash's
> sh_stataccess function, "test -x" ANDs the st_mode bits with S_IXGUO.

That's because bash's sh_stataccess is a workaround for systems that
lack POSIX 2008 compliance - no one ever claimed that the workaround is
as good as the real thing.

Eric Blake   address@hidden    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature
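
The two checks contrasted in the message above, side by side, as an added example that is not code from this thread or from bash: a stat()-based test of the st_mode execute bits next to faccessat() with AT_EACCESS. The function names and the default sample paths are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* faccessat() and AT_EACCESS are POSIX 2008 */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Workaround-style check as described in the message: any execute bit set
   in st_mode. It cannot see ACLs or other access-control mechanisms. */
int mode_bits_executable(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return 0;
    return (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
}

/* Ask the system whether the effective user and group IDs may execute
   (or, for a directory, search) the path. */
int eaccess_executable(const char *path)
{
    return faccessat(AT_FDCWD, path, X_OK, AT_EACCESS) == 0;
}

/* Nonzero when the two checks disagree; an ACL-granted execute right on a
   file with no mode execute bits is one way that can happen. */
int checks_disagree(const char *path)
{
    return mode_bits_executable(path) != eaccess_executable(path);
}

int main(int argc, char **argv)
{
    /* Default paths are assumptions for illustration; pass your own. */
    char *defaults[] = { "/bin/sh", "/etc/passwd", "/nonexistent-constructed" };
    char **paths = argc > 1 ? argv + 1 : defaults;
    int n = argc > 1 ? argc - 1 : 3;

    printf("effective uid: %ld\n", (long)geteuid());
    for (int i = 0; i < n; i++)
        printf("%-26s mode-bits=%d faccessat=%d%s\n", paths[i],
               mode_bits_executable(paths[i]), eaccess_executable(paths[i]),
               checks_disagree(paths[i]) ? "  <-- disagree" : "");
    return 0;
}
```

Running it as root and as an unprivileged user against the same files shows whether a given platform's answer depends on the effective ID, which is the behaviour this thread is about.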