Re: [AD] Possible bug in src/libc.c

[ Thread Index | Date Index | More lists.liballeg.org/allegro-developers Archives ]


In message <Pine.LNX.4.30.0101281813270.957-100000@xxxxxxxxxx>, Stepan Roh wri
tes:
> if ((ff_info->stat.st_uid == geteuid()) {
>     if ((ff_info->stat.st_mode & S_IWUSR) == 0))
>          ffblk->ff_attrib |= FA_RDONLY;
> } else if ((ff_info->stat.st_gid == getegid()) {
>     if ((ff_info->stat.st_mode & S_IWGRP) == 0))
>          ffblk->ff_attrib |= FA_RDONLY;
> } else if ((ff_info->stat.st_mode & S_IWOTH) == 0) {
>          ffblk->ff_attrib |= FA_RDONLY;
> }
>[...]
>> It won't check against supplementary groups, which it
>> should (to be perfect! :-) ).

You might want to look at the access() function which you are almost trying
to reinvent here (`man 2 access' on Linux to avoid reading about the access
command instead).  The only wrinkle is:

    The check is done with the process's real uid and gid, rather than with
    the effective ids as is done when actually attempting an operation. This
    is to allow set-UID programs to easily determine the invoking user's
    authority.

The Linux man page says it conforms to "SVID, AT&T, POSIX, X/OPEN, BSD 4.3"
so it should be portable.

Cheers,
Olly



Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/