[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: access(2) shouldn't be used with test(1)
|
From: |
Garrett Cooper |
|
Subject: |
Re: access(2) shouldn't be used with test(1) |
|
Date: |
Tue, 20 Jul 2010 11:06:50 -0700 |
On Tue, Jul 20, 2010 at 11:00 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
> According to the POSIX spec, using access(2) is implementation
> dependent when running as superuser [1]. FreeBSD intentionally returns
> true whenever euid/uid = 0 [2]. FreeBSD's /bin/sh doesn't have this
> `issue' with test(1). Example:
>
> $ ls -l typescript
> -rw-r--r-- 1 gcooper gcooper 37875 Jul 12 22:19 typescript
> $ sudo sh -c 'test -x typescript; echo $?'
> 1
> $ sudo bash -c 'test -x typescript; echo $?'
> 0
>
> Code should be added to detect the mode via stat(2), instead of
> access(2) (the FreeBSD manpage also notes security issues with race
> conditions when using access(2), so access(2) use is discouraged).
> If I can get the details for grabbing bash from cvs/svn/whatever,
> I'll whip up a patch for this.
>
> [1] http://www.opengroup.org/onlinepubs/000095399/functions/access.html
> - see RATIONALE.
> [2] http://www.freebsd.org/cgi/man.cgi?query=access
Oh, and BTW... here's the version of bash I'm using:
$ bash --version
GNU bash, version 4.1.7(0)-release (amd64-portbld-freebsd9.0)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Thanks,
-Garrett