Date: Wed, 21 Jul 2010 10:22:25 +0300 From: Jaakko Heinonen <jh@FreeBSD.org> To: Garrett Cooper <yanegomi@gmail.com> Cc: standards@freebsd.org, hackers@freebsd.org Subject: Re: Chasing down bugs with access(2) Message-ID: <20100721072225.GA1102@a91-153-117-195.elisa-laajakaista.fi> In-Reply-To: <AANLkTilXPg03r3eMJQKUeFIDhabA634lYu5K03Xue-kE@mail.gmail.com> References: <AANLkTilXPg03r3eMJQKUeFIDhabA634lYu5K03Xue-kE@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On 2010-07-20, Garrett Cooper wrote: > I ran into an issue last night where apparently several apps make > faulty assumptions w.r.t. whether or not access(2) returns functional > data when running as a superuser. > New implementations are discouraged from returning X_OK unless at > least one execution permission bit is set. See PR kern/125009 (http://www.freebsd.org/cgi/query-pr.cgi?pr=125009). Here is the latest version of the vaccess*() patch which also changes vaccess_acl_nfs4(): http://people.freebsd.org/~jh/patches/vaccess-VEXEC.diff The patch is not a complete fix however. Not all file systems use vaccess*() for VEXEC in their VOP_ACCESS() (ZFS confirmed). Thus the patch doesn't work with ZFS. -- Jaakko
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100721072225.GA1102>