Re: [hackers] [sbase][PATCH] which: check AT_EACCESS

From: Mattias Andrée <maandree_AT_kth.se>
Date: Tue, 30 Jul 2019 07:57:19 +0200

On Mon, 29 Jul 2019 18:46:25 -0700
Michael Forney <mforney_AT_mforney.org> wrote:

> On 2019-07-27, Mattias Andrée <maandree_AT_kth.se> wrote:
> > A file is executable only if the effective user
> > have permission to execute it. The real user's
> > permissions do not matter.
>
> Thanks for the patch, but doesn't this only make a difference if the
> `which` binary itself is setuid? If not, can you provide an example
> that is fixed by this patch?
>
> I looked at a few other implementations and they just use access(3),
> which behaves like faccessat(3) with no flags.
>

setuid is inherited (exec(3) never changes the effective user according
to POSIX unless the new process have the setuid flag and it is not blocked
by the ST_NOSUID mount option). However, I cannot think of a real world
scenario where this would matter; it would be if the user have a program
similar to sudo that only changes the effective user.
Received on Tue Jul 30 2019 - 07:57:19 CEST

This archive was generated by hypermail 2.3.0 : Tue Jul 30 2019 - 08:36:25 CEST