[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: BUG: deny_access



Steffen Ries wrote:

> MiNT allows root to do _everything_, even to execute files which are
> not executable. This behaviour is not shared by other unices (SunOS,
> linux, etc.) which allow root read and write access, but deny
> executional rights.
> 
> In this way I consider this a bug.

Me, too.

> It is easy to fix, but the fix has some drawbacks: since root must
> obey the x-bit, this is also true for directories. I have two daily
> cron-jobs running: one creates a backup, the other updates the
> locate-database. Both jobs cannot access directories, which are e.g. 
> set 0700 and don't belong to root. So root gets some more mails per
> day and the locate database lacks some files...

After my .sig's a better patch which fixes this.

Michael
-- 
Email: hohmuth@inf.tu-dresden.de
WWW:   http://www.inf.tu-dresden.de/~mh1/

--- dosfile.c.foo	Sat Mar 18 00:21:04 1995
+++ dosfile.c	Sat Mar 18 00:24:56 1995
@@ -42,7 +42,7 @@
 	long r;
 	XATTR xattr;
 	unsigned perm;
-	int creating;
+	int creating, exec_check;
 	char temp1[PATH_MAX];
 	short cur_gid, cur_egid;
 #ifdef CREATE_PIPES
@@ -162,6 +162,7 @@
 		return NULL;
 	}
 
+	exec_check = 0;
 	switch (rwmode & O_RWMODE) {
 	case O_WRONLY:
 		perm = S_IWOTH;
@@ -170,7 +171,13 @@
 		perm = S_IROTH|S_IWOTH;
 		break;
 	case O_EXEC:
-		perm = (fc.fs->fsflags & FS_NOXBIT) ? S_IROTH : S_IXOTH;
+		if (fc.fs->fsflags & FS_NOXBIT)
+			perm = S_IROTH;
+		else {
+			perm = S_IXOTH;
+			if (curproc->euid == 0)
+				exec_check = 1;	/* superuser needs 1 x bit */
+		}
 		break;
 	case O_RDONLY:
 		perm = S_IROTH;
@@ -179,7 +186,12 @@
 		perm = 0;
 		ALERT("do_open: bad file access mode: %x", rwmode);
 	}
-	if (!creating && denyaccess(&xattr, perm)) {
+/*
+ * access checking;  additionally, the superuser needs at least one
+ * execute right to execute a file
+ */
+	if ( (exec_check && ((xattr.mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0)) ||
+	     (!creating && denyaccess(&xattr, perm))) {
 		DEBUG(("do_open(%s): access to file denied",name));
 		release_cookie(&dir);
 		release_cookie(&fc);