From 6ab91dcac15548bdc6bcffa3890577632f184bfd Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 9 Jun 2008 23:38:38 +0000 Subject: Update access(2) to have modern semantics with respect to X_OK and the superuser. access(2) will now only indicate success for X_OK on non-directories if there is at least one execute bit set on the file. OK deraadt@ thib@ otto@ --- lib/libc/sys/access.2 | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) (limited to 'lib/libc/sys') diff --git a/lib/libc/sys/access.2 b/lib/libc/sys/access.2 index b2217493c3c..701b0c923f7 100644 --- a/lib/libc/sys/access.2 +++ b/lib/libc/sys/access.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: access.2,v 1.12 2007/05/31 19:19:32 jmc Exp $ +.\" $OpenBSD: access.2,v 1.13 2008/06/09 23:38:37 millert Exp $ .\" $NetBSD: access.2,v 1.7 1995/02/27 12:31:44 cgd Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)access.2 8.2 (Berkeley) 4/1/94 .\" -.Dd $Mdocdate: May 31 2007 $ +.Dd $Mdocdate: June 9 2008 $ .Dt ACCESS 2 .Os .Sh NAME @@ -69,13 +69,20 @@ and the real group access list (including the real group ID) is used in place of the effective ID for verifying permission. .Pp -Even if a process has appropriate privileges and indicates success for -.Dv X_OK , -the file may not actually have execute permission bits set. -Likewise for +If the invoking process has superuser privileges, +.Fn access +will always indicate success for .Dv R_OK and -.Dv W_OK . +.Dv W_OK , +regardless of the actual file permission bits. +Likewise, for +.Dv X_OK , +if the file has any of the execute bits set and +.Fa path +is not a directory, +.Fn +will indicate success. .Sh RETURN VALUES If .Fa path @@ -131,4 +138,5 @@ function conforms to .St -p1003.1-90 . .Sh CAVEATS .Fn access -is a potential security hole and should never be used. +should never be used for actual access control. +Doing so can result in a time of check vs. time of use security hole. -- cgit v1.2.3