access(2) in set-GID programs
Jacob Gore
gore at eecs.nwu.edu
Thu Sep 15 15:28:20 AEST 1988
Suppose you have this situation:
----------------------------------------------------
drwxrwxr-x usera groupa /tmp/jjj
-rwxr-sr-x usera groupa a.out (provided below)
I am now userb/groupb. userb in NOT listed in /etc/group entry for groupa.
a.out is:
main(){
if (access("/tmp/jjj", 2) < 0) perror("directory");
}
----------------------------------------------------
Now, what I want to happen is for 'access' to fail -- in my application,
since the directory is not writable by userb/groupb, userb/groupb user
should not be able to use such a setgid program to create files in it.
But when I run this on 4.3BSD, 'access' succeeds. The manual entry for
access(2) says:
The real user ID and the group access list (including the
real group ID) are used in verifying permission, so this
call is useful to set-UID programs.
But what about set-Gid programs? Is the effective gid automatically in the
group access list?
If so, what can I do to let such a setgid program check whether
userb/groupb is actually allowed to create files in a directory?
Jacob Gore Gore at EECS.NWU.Edu
Northwestern Univ., EECS Dept. {oddjob,gargoyle,att}!nucsrl!gore
More information about the Comp.unix.wizards
mailing list