[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bug in mintlib44's access() function

To: mint@atari.archive.umich.edu (mint list)
Subject: Re: bug in mintlib44's access() function
From: benni@phil15.uni-sb.de (Benjamin Lorenz)
Date: Mon, 20 Jun 1994 17:32:02 +0200 (MET DST)
In-reply-to: <9406201509.AA23990@eos> from "Urs Thuermann" at Jun 20, 94 05:09:54 pm

> > So if this function
> > tells me I can access a file, it will be true. 
> 
> No. Not even that.  If access() returns 0, it tells you you would have
> access, if your effective id was equal to your real id, i.e. if you
> execute another user's setuid program you may not have access to your
> own files (if that user doesn't have), although access() returns 0
> because it checks your real uid.

Right, look here:

--------------------------------------------------------------------
benni@pfsparc02[p1] ~/tamtam% ll                                      (0) 17:23
total 16
-rw-r--r--  1 benni           0 Jun 20 17:21 test
-rwsr-xr-x  1 uucp        16384 Jun 20 16:45 touch
benni@pfsparc02[p1] ~/tamtam% ./touch test                            (0) 17:23
./touch: cannot change times on test: Permission denied
benni@pfsparc02[p1] ~/tamtam%                                         (1) 17:23
--------------------------------------------------------------------

But you can always do a setuid(UID) in touch (if you have the source...)
to change the EUID from uucp to benni.

-- 
Benjamin Lorenz, Brunnenweg 33, D-66133 Saarbruecken
Phone: +49 681 815702, E-mail: lorenz@dfki.uni-sb.de

References:
- bug in mintlib44's access() function
  - From: thuerman@ibr.cs.tu-bs.de (Urs Thuermann)

Prev by Date: bug in mintlib44's access() function
Next by Date: Re: bug in mintlib44's access() function
Previous by thread: bug in mintlib44's access() function
Next by thread: Re: bug in mintlib44's access() function
Index(es):
- Date
- Thread