Fix faccessat(,0) and access() semantics.

* fhandler.h (fhandler_base::fhaccess): Add parameter.
* security.h (check_file_access, check_registry_access): Likewise.
* security.cc (check_file_access, check_registry_access)
(check_access): Implement new parameter.
* fhandler.cc (fhandler_base::fhaccess): Likewise.
(device_access_denied): Update caller.
* syscalls.cc (access, faccessat): Update callers.
* spawn.cc (find_exec, fixup): Likewise.
This commit is contained in:
Eric Blake
2009-09-25 13:44:45 +00:00
parent 5386cd8ecc
commit 3dbe243afa
7 changed files with 38 additions and 25 deletions

View File

@@ -344,11 +344,11 @@ fhandler_base::device_access_denied (int flags)
if (!mode)
mode |= R_OK;
return fhaccess (mode);
return fhaccess (mode, true);
}
int
fhandler_base::fhaccess (int flags)
fhandler_base::fhaccess (int flags, bool effective)
{
int res = -1;
if (error ())
@@ -373,12 +373,12 @@ fhandler_base::fhaccess (int flags)
goto eaccess_done;
else if (has_acls ())
{
res = check_file_access (pc, flags);
res = check_file_access (pc, flags, effective);
goto done;
}
else if (get_device () == FH_REGISTRY && open (O_RDONLY, 0) && get_handle ())
{
res = check_registry_access (get_handle (), flags);
res = check_registry_access (get_handle (), flags, effective);
close ();
return res;
}
@@ -389,12 +389,12 @@ fhandler_base::fhaccess (int flags)
if (flags & R_OK)
{
if (st.st_uid == myself->uid)
if (st.st_uid == (effective ? myself->uid : cygheap->user.real_uid))
{
if (!(st.st_mode & S_IRUSR))
goto eaccess_done;
}
else if (st.st_gid == myself->gid)
else if (st.st_gid == (effective ? myself->gid : cygheap->user.real_gid))
{
if (!(st.st_mode & S_IRGRP))
goto eaccess_done;
@@ -405,12 +405,12 @@ fhandler_base::fhaccess (int flags)
if (flags & W_OK)
{
if (st.st_uid == myself->uid)
if (st.st_uid == (effective ? myself->uid : cygheap->user.real_uid))
{
if (!(st.st_mode & S_IWUSR))
goto eaccess_done;
}
else if (st.st_gid == myself->gid)
else if (st.st_gid == (effective ? myself->gid : cygheap->user.real_gid))
{
if (!(st.st_mode & S_IWGRP))
goto eaccess_done;
@@ -421,12 +421,12 @@ fhandler_base::fhaccess (int flags)
if (flags & X_OK)
{
if (st.st_uid == myself->uid)
if (st.st_uid == (effective ? myself->uid : cygheap->user.real_uid))
{
if (!(st.st_mode & S_IXUSR))
goto eaccess_done;
}
else if (st.st_gid == myself->gid)
else if (st.st_gid == (effective ? myself->gid : cygheap->user.real_gid))
{
if (!(st.st_mode & S_IXGRP))
goto eaccess_done;