Web lists-archives.com

Re: [PATCH] git-compat-util: work around for access(X_OK) under root

On Wed, Apr 24, 2019 at 09:55:04AM +0900, Junio C Hamano wrote:
> "brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes:
> > What POSIX says on this is the following:
> >
> >   If any access permissions are checked, each shall be checked
> >   individually, as described in XBD File Access Permissions, except that
> >   where that description refers to execute permission for a process with
> >   appropriate privileges, an implementation may indicate success for
> >   X_OK even if execute permission is not granted to any user.
> Do I take this "not granted to any user" as "no +x bit is set for
> owner, group or other", and "a process with appropriate privileges"
> as "running as root"?

Yes. The language of the former is designed to allow ACLs or other
mechanisms, and "appropriate privileges" is the POSIX term for "root
permissions". The latter is also designed to allow implementations
leeway to implement an alternate mechanism.

Sorry for not explaining that up front; I'm so used to POSIX-speak by
now that it doesn't seem strange to me.

> The latter half feels iffy, if the system is still allowed to fail
> execution by "a process with appropriate privileges", leading to
> inconsistent answer from access(2) and behaviour by execv(2).  But
> at least that explains what was observed.

Yeah, I don't love that POSIX makes this exception, but it is what it
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204

Attachment: signature.asc
Description: PGP signature