[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
access(2) shouldn't be used with test(1)
|
From: |
Garrett Cooper |
|
Subject: |
access(2) shouldn't be used with test(1) |
|
Date: |
Tue, 20 Jul 2010 11:00:06 -0700 |
According to the POSIX spec, using access(2) is implementation
dependent when running as superuser [1]. FreeBSD intentionally returns
true whenever euid/uid = 0 [2]. FreeBSD's /bin/sh doesn't have this
`issue' with test(1). Example:
$ ls -l typescript
-rw-r--r-- 1 gcooper gcooper 37875 Jul 12 22:19 typescript
$ sudo sh -c 'test -x typescript; echo $?'
1
$ sudo bash -c 'test -x typescript; echo $?'
0
Code should be added to detect the mode via stat(2), instead of
access(2) (the FreeBSD manpage also notes security issues with race
conditions when using access(2), so access(2) use is discouraged).
If I can get the details for grabbing bash from cvs/svn/whatever,
I'll whip up a patch for this.
Thanks,
-Garrett
[1] http://www.opengroup.org/onlinepubs/000095399/functions/access.html
- see RATIONALE.
[2] http://www.freebsd.org/cgi/man.cgi?query=access