Re: [AD] Possible bug in src/libc.c |
[ Thread Index |
Date Index
| More lists.liballeg.org/allegro-developers Archives
]
In message <Pine.LNX.4.30.0101281813270.957-100000@xxxxxxxxxx>, Stepan Roh wri
tes:
> if ((ff_info->stat.st_uid == geteuid()) {
> if ((ff_info->stat.st_mode & S_IWUSR) == 0))
> ffblk->ff_attrib |= FA_RDONLY;
> } else if ((ff_info->stat.st_gid == getegid()) {
> if ((ff_info->stat.st_mode & S_IWGRP) == 0))
> ffblk->ff_attrib |= FA_RDONLY;
> } else if ((ff_info->stat.st_mode & S_IWOTH) == 0) {
> ffblk->ff_attrib |= FA_RDONLY;
> }
>[...]
>> It won't check against supplementary groups, which it
>> should (to be perfect! :-) ).
You might want to look at the access() function which you are almost trying
to reinvent here (`man 2 access' on Linux to avoid reading about the access
command instead). The only wrinkle is:
The check is done with the process's real uid and gid, rather than with
the effective ids as is done when actually attempting an operation. This
is to allow set-UID programs to easily determine the invoking user's
authority.
The Linux man page says it conforms to "SVID, AT&T, POSIX, X/OPEN, BSD 4.3"
so it should be portable.
Cheers,
Olly