Fix faccessat(,0) and access() semantics.
* fhandler.h (fhandler_base::fhaccess): Add parameter. * security.h (check_file_access, check_registry_access): Likewise. * security.cc (check_file_access, check_registry_access) (check_access): Implement new parameter. * fhandler.cc (fhandler_base::fhaccess): Likewise. (device_access_denied): Update caller. * syscalls.cc (access, faccessat): Update callers. * spawn.cc (find_exec, fixup): Likewise.
@@ -169,7 +169,7 @@ find_exec (const char *name, path_conv& buf, const char *mywinenv,
|
||||
|
||||
if ((suffix = perhaps_suffix (tmp, buf, err, opt)) != NULL)
|
||||
{
|
||||
if (buf.has_acls () && check_file_access (buf, X_OK))
|
||||
if (buf.has_acls () && check_file_access (buf, X_OK, true))
|
||||
continue;
|
||||
|
||||
if (posix == tmp)
|
||||
@@ -1083,7 +1083,8 @@ just_shell:
|
||||
|
||||
/* Check if script is executable. Otherwise we start non-executable
|
||||
scripts successfully, which is incorrect behaviour. */
|
||||
if (real_path.has_acls () && check_file_access (real_path, X_OK) < 0)
|
||||
if (real_path.has_acls ()
|
||||
&& check_file_access (real_path, X_OK, true) < 0)
|
||||
return -1; /* errno is already set. */
|
||||
|
||||
/* Replace argv[0] with the full path to the script if this is the
|
||||
|
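Review bot: The bare `true` passed to `check_file_access` at both call sites (the `find_exec` loop and the script check under `just_shell:`) does not say which identity the X_OK test is evaluated against, and that choice decides whether a process whose real and effective IDs differ may execute the file. Going by the commit title it presumably selects effective rather than real IDs, which is the right basis for an exec check, but the declaration is not shown on this page, so that should be confirmed. I would add a short comment at each call, e.g. `/* exec permission is checked against effective IDs, as execve does */`, or replace the literal with a named constant. Both checks also stay gated on `has_acls ()`, so nothing visible here verifies execute permission when that returns false; a one-line comment saying this is intentional would help. Both enclosing functions start and end outside the hunks.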