Re: [hackers] [sbase][PATCH] which: check AT_EACCESS

From: Michael Forney <mforney_AT_mforney.org>
Date: Mon, 29 Jul 2019 18:46:25 -0700

On 2019-07-27, Mattias Andrée <maandree_AT_kth.se> wrote:
> A file is executable only if the effective user
> have permission to execute it. The real user's
> permissions do not matter.

Thanks for the patch, but doesn't this only make a difference if the
`which` binary itself is setuid? If not, can you provide an example
that is fixed by this patch?

I looked at a few other implementations and they just use access(3),
which behaves like faccessat(3) with no flags.
Received on Tue Jul 30 2019 - 03:46:25 CEST

This archive was generated by hypermail 2.3.0 : Tue Jul 30 2019 - 03:48:23 CEST