bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#12632: file permissions checking mishandled when setuid


From: Paul Eggert
Subject: bug#12632: file permissions checking mishandled when setuid
Date: Mon, 22 Oct 2012 13:33:34 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121016 Thunderbird/16.0.1

On 10/22/2012 10:19 AM, Eli Zaretskii wrote:
> My reading of Posix is that this should set errno to EBADF, not
> EINVAL.

Thanks, I'll fix that.

>> +  /* Normally a file F is an accessible directory if F/. is accessible.
>> +     But omit the "/." if F is empty, as "" is not "/."; and omit the
>> +     "/" if F ends in "/", as on some platforms "/" != "//".  */
>> +  if (len)
>> +    {
>> +      char *buf = SAFE_ALLOCA (len + 3);
>> +      memcpy (buf, file, len);
>> +      strcpy (buf + len, "/." + (file[len - 1] == '/'));
>> +      file = buf;
>> +    }
> 
> I think this should use IS_DIRECTORY_SEP instead of a literal '/'.

It should work as-is, no?  It's true that on Windows, backslash is
also a directory separator.  But I don't see any harm done if we append
'/.' to a file name that ends in backslash.  For example, if the file
name is 'FOO\' and we append '/.' to make it 'FOO\/.', the test should
succeed if FOO is a searchable directory and should fail otherwise, which
is what is wanted here.

Another way to put it is that the test against trailing slash is only
for the benefit of platforms where '/' != '//', and Windows is not
such a platform.






reply via email to

[Prev in Thread] Current Thread [Next in Thread]