bug#12632: file permissions checking mishandled when setuid

[Eli Zaretskii]

> Date: Mon, 22 Oct 2012 13:33:34 -0700
> From: Paul Eggert <eggert@cs.ucla.edu>
> CC: rgm@gnu.org, 12632@debbugs.gnu.org
> 
> >> +  /* Normally a file F is an accessible directory if F/. is accessible.
> >> +     But omit the "/." if F is empty, as "" is not "/."; and omit the
> >> +     "/" if F ends in "/", as on some platforms "/" != "//".  */
> >> +  if (len)
> >> +    {
> >> +      char *buf = SAFE_ALLOCA (len + 3);
> >> +      memcpy (buf, file, len);
> >> +      strcpy (buf + len, "/." + (file[len - 1] == '/'));
> >> +      file = buf;
> >> +    }
> > 
> > I think this should use IS_DIRECTORY_SEP instead of a literal '/'.
> 
> It should work as-is, no?  It's true that on Windows, backslash is
> also a directory separator.  But I don't see any harm done if we append
> '/.' to a file name that ends in backslash.

I meant the test (file[len - 1] == '/').

> For example, if the file name is 'FOO\' and we append '/.' to make
> it 'FOO\/.', the test should succeed if FOO is a searchable
> directory

It doesn't necessarily succeed.  Windows file APIs are picky wrt
trailing slashes.  And the result is ugly, and the code looks wrong.

We use IS_DIRECTORY_SEP in other places, so why avoid it here?

> Another way to put it is that the test against trailing slash is only
> for the benefit of platforms where '/' != '//', and Windows is not
> such a platform.

Yes, Windows _is_ such a platform, "//foo/bar" and "/foo/bar" are very
different things there.