Re: [hackers] [sbase][PATCH] which: check AT_EACCESS

From: Mattias Andrée <>
Date: Tue, 30 Jul 2019 07:57:19 +0200

On Mon, 29 Jul 2019 18:46:25 -0700
Michael Forney <> wrote:

> On 2019-07-27, Mattias Andrée <> wrote:
> > A file is executable only if the effective user
> > has permission to execute it. The real user's
> > permissions do not matter.
>
> Thanks for the patch, but doesn't this only make a difference if the
> `which` binary itself is setuid? If not, can you provide an example
> that is fixed by this patch?
>
> I looked at a few other implementations and they just use access(3),
> which behaves like faccessat(3) with no flags.

setuid is inherited (exec(3) never changes the effective user according
to POSIX unless the new process has the setuid flag and it is not blocked
by the ST_NOSUID mount option). However, I cannot think of a real-world
scenario where this would matter; it would be if the user has a program
similar to sudo that only changes the effective user.
Received on Tue Jul 30 2019 - 07:57:19 CEST
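
The distinction discussed in this thread, as an added example (not sbase's `which` and not code posted by either participant): a PATH search whose execute check takes the faccessat(3) flags, so `0` tests the real IDs like access(3) and `AT_EACCESS` tests the effective IDs. `can_exec` and `find_in_path` are hypothetical names; names containing a slash are not special-cased.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* faccessat(3), AT_EACCESS */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper. flags = 0 checks with the real UID/GID, as access(3)
 * does; flags = AT_EACCESS checks with the effective UID/GID. */
static int can_exec(const char *path, int flags)
{
	struct stat st;
	/* Directories carry x bits too; only regular files count as commands. */
	if (stat(path, &st) < 0 || !S_ISREG(st.st_mode))
		return 0;
	return faccessat(AT_FDCWD, path, X_OK, flags) == 0;
}

/* Hypothetical helper: search colon-separated `path` for `name`; on success
 * store the first match in `out` and return 1, otherwise return 0. */
int find_in_path(const char *name, const char *path, int flags,
                 char *out, size_t outlen)
{
	const char *p, *end;
	for (p = path; ; p = end + 1) {
		end = strchr(p, ':');
		int len = end ? (int)(end - p) : (int)strlen(p);
		/* An empty PATH element means the current directory. */
		int n = len ? snprintf(out, outlen, "%.*s/%s", len, p, name)
		            : snprintf(out, outlen, "./%s", name);
		if (n > 0 && (size_t)n < outlen && can_exec(out, flags))
			return 1;
		if (!end)
			return 0;
	}
}

int main(int argc, char *argv[])
{
	char buf[4096];
	const char *path = getenv("PATH");
	if (argc != 2 || !path)
		return 2;
	printf("real:      %s\n", find_in_path(argv[1], path, 0, buf, sizeof buf) ? buf : "-");
	printf("effective: %s\n", find_in_path(argv[1], path, AT_EACCESS, buf, sizeof buf) ? buf : "-");
	return 0;
}
```

Run from an ordinary shell, both lines print the same path because the real and effective IDs are equal; they can differ only in a process whose effective IDs were changed, as by a set-user-ID wrapper.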
