Re: [PATCH] Don't punish non-SUID/SGID programs

[Andreas Jaeger <aj at suse dot de>]

>>>>> Jakub Jelinek writes:

 > Hi!
 > The new access checks are IMHO too strict because they change the behaviour
 > when those variables are set for non-SUID/SGID programs.
 > Both memusage and SegFault try to create missing output file, but
 > access (R_OK|W_OK) won't return 0 if the file is missing.
 > I think we should keep the old behaviour for non-SUID/SGID programs and only
 > require the user creates the file first when playing with SUID/SGID
 > programs.

 > 2001-01-10  Jakub Jelinek  <jakub@redhat.com>

 > 	* malloc/memusage.c (me): If not SUID/SGID, allow creating new
 > 	$MEMUSAGE_OUTPUT file.
 > 	* sysdeps/generic/segfault.c (segfault.c): If not SUID/SGID, allow
 > 	creating new $SEGFAULT_OUTPUT_NAME file.

 > --- libc/malloc/memusage.c.jj	Mon Jan  8 19:07:14 2001
 > +++ libc/malloc/memusage.c	Wed Jan 10 12:06:09 2001
 > @@ -201,7 +201,7 @@ me (void)
 >      {
 >        const char *outname = getenv ("MEMUSAGE_OUTPUT");
 >        if (outname != NULL && outname[0] != '\0'
 > -	  && access (outname, R_OK | W_OK) == 0)
 > +	  && (!libc_enable_secure || access (outname, R_OK | W_OK) == 0))
 >  	{
 >  	  fd = creat (outname, 0666);
 
 > --- libc/sysdeps/generic/segfault.c.jj	Wed Jan 10 12:02:54 2001
 > +++ libc/sysdeps/generic/segfault.c	Wed Jan 10 12:04:49 2001
 > @@ -237,6 +237,7 @@ install_handler (void)
 
 >    /* Preserve the output file name if there is any given.  */
 >    name = getenv ("SEGFAULT_OUTPUT_NAME");
 > -  if (name != NULL && name[0] != '\0' && __access (name, R_OK | W_OK) == 0)
 > +  if (name != NULL && name[0] != '\0'
 > +      && (!libc_enable_secure || __access (name, R_OK | W_OK) == 0))
 >      fname = __strdup (name);
 >  }
Shouldn't these be __libc_enable_secure with two leading underscores?

Andreas
-- 
 Andreas Jaeger
  SuSE Labs aj@suse.de
   private aj@arthur.inka.de
    http://www.suse.de/~aj