This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] [BZ #18433] Check file access/existence before forking.
- From: Zack Weinberg <zackw at panix dot com>
- To: Navid Rahimi <rahimi dot nv at gmail dot com>,libc-alpha at sourceware dot org
- Date: Thu, 10 Sep 2015 11:02:27 -0400
- Subject: Re: [PATCH] [BZ #18433] Check file access/existence before forking.
- Authentication-results: sourceware.org; auth=none
- References: <55F19819 dot 3010601 at gmail dot com>
On September 10, 2015 10:47:53 AM EDT, Navid Rahimi <rahimi.nv@gmail.com> wrote:
>[BZ #18433]
>* sysdeps/posix/spawni.c (__spawni):
>Check file access before forking.
>---
>ChangeLog | 5 +++++
>sysdeps/posix/spawni.c | 3 +++
>2 files changed, 8 insertions(+)
>
>diff --git a/ChangeLog b/ChangeLog
>index 5f009a8..0e0c85b 100644
>--- a/ChangeLog
>+++ b/ChangeLog
>@@ -1,3 +1,8 @@
>+2015-09-10 Navid Rahimi <rahimi.nv@gmail.com>
>+
>+ [BZ #18433]
>+ * sysdeps/posix/spawni.c (__spawni): Check file access before
>forking.
>+
> 2015-09-08 Joseph Myers <joseph@codesourcery.com>
>
> [BZ #14912]
>diff --git a/sysdeps/posix/spawni.c b/sysdeps/posix/spawni.c
>index eee9331..c571390 100644
>--- a/sysdeps/posix/spawni.c
>+++ b/sysdeps/posix/spawni.c
>@@ -90,6 +90,9 @@ __spawni (pid_t *pid, const char *file,
> size_t len;
> size_t pathlen;
>
>+ if(__access (file, X_OK) != 0)
>+ return errno;
>+
> /* Do this once. */
> short int flags = attrp == NULL ? 0 : attrp->__flags;
Why is a TOCTOU race acceptable and/or unavoidable? Also, why is a check using the real rather than the effective credentials correct here?