author | Todd C. Miller <millert@cvs.openbsd.org> | 2008-06-09 23:38:38 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2008-06-09 23:38:38 +0000 |
commit | 6ab91dcac15548bdc6bcffa3890577632f184bfd (patch) | |
tree | 8ff9467b7fc42b782aaab7f51a457123319dcb7c /lib/libc/sys | |
parent | 12fc9e1c5534a9b647e6974808513f5f34652019 (diff) |
Update access(2) to have modern semantics with respect to X_OK and
the superuser. access(2) will now only indicate success for X_OK on
non-directories if there is at least one execute bit set on the file.
OK deraadt@ thib@ otto@
Diffstat (limited to 'lib/libc/sys')
-rw-r--r-- | lib/libc/sys/access.2 | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/lib/libc/sys/access.2 b/lib/libc/sys/access.2 index b2217493c3c..701b0c923f7 100644 --- a/lib/libc/sys/access.2 +++ b/lib/libc/sys/access.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: access.2,v 1.12 2007/05/31 19:19:32 jmc Exp $ +.\" $OpenBSD: access.2,v 1.13 2008/06/09 23:38:37 millert Exp $ .\" $NetBSD: access.2,v 1.7 1995/02/27 12:31:44 cgd Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)access.2 8.2 (Berkeley) 4/1/94 .\" -.Dd $Mdocdate: May 31 2007 $ +.Dd $Mdocdate: June 9 2008 $ .Dt ACCESS 2 .Os .Sh NAME @@ -69,13 +69,20 @@ and the real group access list (including the real group ID) is used in place of the effective ID for verifying permission. .Pp -Even if a process has appropriate privileges and indicates success for -.Dv X_OK , -the file may not actually have execute permission bits set. -Likewise for +If the invoking process has superuser privileges, +.Fn access +will always indicate success for .Dv R_OK and -.Dv W_OK . +.Dv W_OK , +regardless of the actual file permission bits. +Likewise, for +.Dv X_OK , +if the file has any of the execute bits set and +.Fa path +is not a directory, +.Fn +will indicate success. .Sh RETURN VALUES If .Fa path @@ -131,4 +138,5 @@ function conforms to .St -p1003.1-90 . .Sh CAVEATS .Fn access -is a potential security hole and should never be used. +should never be used for actual access control. +Doing so can result in a time of check vs. time of use security hole. |
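Review bot: In the hunk at @@ -69,13 +69,20, the second added `.Fn` has no argument ("+.Fn" directly followed by "+will indicate success."), so the rendered sentence loses its subject; it should be `.Fn access`, as in the first added `.Fn` a few lines up. The new X_OK sentence also states only the success case. The commit message says access(2) "will now only indicate success for X_OK on non-directories if there is at least one execute bit set", so the page should say explicitly that the superuser gets a failure for X_OK on a non-directory with no execute bits set, and what is returned when path is a directory, since the current wording leaves the directory case to be inferred from "is not a directory".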
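Review bot: In the CAVEATS hunk at @@ -131,4 +138,5, the new text names the time of check vs. time of use problem but does not tell the reader what to do instead, which the old "should never be used" at least implied. Suggest adding a sentence that the caller should attempt the operation itself with the intended credentials and handle the error, rather than calling access() first and acting on the answer. A minor style point on the same line: "time of check vs. time of use" reads more clearly hyphenated as a compound modifier before "security hole".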