bugs in access(2) ?

Gene Spafford spaf at gatech.CSNET
Fri Jun 7 04:29:38 AEST 1985


I have found what I believe to be a few bugs in the access(2) routine.
Before I go about trying to put in fixes, I'd like to know if others
have found these bugs and already have fixes.  I'd also like to
know if anyone can think of anything that will break if I fix these.

For indexing purposes, we're running the BRL 3.0 release of their
version of 4.2 BSD.  "access" is in /sys/sys/ufs_fio.c

Bug #1)  A call to "access" root" with multiple permission checks
on a file on a read-only disk will return an incorrect result.

Example:
	i = access("/ro/foo", 022)
	and foo is on a read-only disk, the routine returns a 0
	(implied "true").
Probable fix:
	change the line near the beginning which has
		if (m == IWRITE)
	to
		if ((m & 0222) != 0)


Bug #2)  Root is shown as having "execute" access to everything.
	 This isn't correct for files which are not executable.

Probable fix:  Basically, the code which is currently:
	/*
	 * If you're the super-user,
	 * you always get access.
	 */
	if (u.u_uid == 0)
		return (0);

	should be rewritten to be something like:

	if (u.u_uid == 0)
	{
	    if (ip->i_mode&IFMT == IFDIR)
		    return (0);
	    else
	    {
		if (ip->imode&0111 != 0)
			return (0);
		else
		{
		    u.u_error = EACCES;
		    return (1);
		}
	    }
	}



Comments?
-- 
Gene "3 months and holding" Spafford
The Clouds Project, School of ICS, Georgia Tech, Atlanta GA 30332
CSNet:	Spaf @ GATech		ARPA:	Spaf%GATech.CSNet @ CSNet-Relay.ARPA
uucp:	...!{akgua,allegra,hplabs,ihnp4,linus,seismo,ulysses}!gatech!spaf



More information about the Comp.bugs.4bsd.ucb-fixes mailing list