bug#12632: file permissions checking mishandled when setuid

[Eli Zaretskii]

> Date: Sun, 21 Oct 2012 23:03:30 -0700
> From: Paul Eggert <eggert@cs.ucla.edu>
> Cc: 12632@debbugs.gnu.org
> 
> +/* If FILE is a searchable directory or a symlink to a
> +   searchable directory, return true.  Otherwise return
> +   false and set errno to an error number.  */
> +bool
> +file_accessible_directory_p (char const *file)
> +{
> +  ptrdiff_t len = strlen (file);
> +  bool ok;
> +  int faccessat_errno;
> +  USE_SAFE_ALLOCA;
> +
> +  /* Normally a file F is an accessible directory if F/. is accessible.
> +     But omit the "/." if F is empty, as "" is not "/."; and omit the
> +     "/" if F ends in "/", as on some platforms "/" != "//".  */
> +  if (len)
> +    {
> +      char *buf = SAFE_ALLOCA (len + 3);
> +      memcpy (buf, file, len);
> +      strcpy (buf + len, "/." + (file[len - 1] == '/'));
> +      file = buf;
> +    }

I think this should use IS_DIRECTORY_SEP instead of a literal '/'.

>  int
> -sys_access (const char * path, int mode)
> +sys_faccessat (int dirfd, const char * path, int mode, int flags)
>  {
>    DWORD attributes;
>  
> +  if (dirfd != AT_FDCWD)
> +    {
> +      errno = EINVAL;
> +      return -1;
> +    }

My reading of Posix is that this should set errno to EBADF, not
EINVAL.

There's also a problem that sys_faccessat won't have a prototype, so
compiling with -std=gnu99 will issue a warning, but that's not fatal,
and we can add that later.