Re: chmod failing with EPERM and PRIV

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chmod failing with EPERM and PRIV_ALL needed

From:	David Bartley
Subject:	Re: chmod failing with EPERM and PRIV_ALL needed
Date:	Wed, 4 Mar 2009 04:39:34 -0500

On Tue, Mar 3, 2009 at 9:08 AM, Jim Meyering <address@hidden> wrote:
>
> Thanks for the report.  I read Casper's reply.
>
> That function removes PRIV_SYS_LINKDIR for the sake of security.
> Without it, there's a guaranteed race condition that may lead to
> unlinking a non-empty directory.
>
> It's ironic that Solaris' privilege system does not accommodate that.
> But if you explain to them why we're doing it, maybe they'll
> recognize the utility of it and relax the model.
>

Hi Jim,

I've confirmed that this is also a problem on Solaris 10, so even if
Sun were to agree to change it there would still be many systems
affected.

How does the attached patch look? The idea is to restore the
PRIV_SYS_LINKDIR privilege if chmod fails and try the chmod again. If
it looks ok, I'll split the patch into separate gnulib and tar patches
and add a changelog entry.

-- David

tar-1.21-solaris.diff
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

chmod failing with EPERM and PRIV_ALL needed, David Bartley, 2009/03/03
- Re: chmod failing with EPERM and PRIV_ALL needed, Jim Meyering, 2009/03/03
  - Re: chmod failing with EPERM and PRIV_ALL needed, David Bartley <=

Prev by Date: [PATCH] unlinkdir: cannot_unlink_dir may modify process state
Next by Date: Re: automake conditional for visibility?
Previous by thread: Re: chmod failing with EPERM and PRIV_ALL needed
Next by thread: visibility license?
Index(es):
- Date
- Thread