Xref: utzoo comp.unix.programmer:963 alt.sources.d:1431 Path: utzoo!utgpu!cs.utexas.edu!wuarchive!uunet!mcsun!hp4nl!star.cs.vu.nl!maart From: maart@cs.vu.nl (Maarten Litmaath) Newsgroups: comp.unix.programmer,alt.sources.d Subject: Re: -x implementations Message-ID: <8920@star.cs.vu.nl> Date: 2 Feb 91 10:13:27 GMT References: <1943:Jan2619:34:3591@kramden.acf.nyu.edu> <2856@charon.cwi.nl> <8869@star.cs.vu.nl> <1991Jan29.153242.12335@convex.com> <8896@star.cs.vu.nl> <19017@rpp386.cactus.org> <6124@segue.segue.com> Sender: news@cs.vu.nl Reply-To: maart@cs.vu.nl (Maarten Litmaath) Organization: VU Dept. of Computer Science, Amsterdam, The Netherlands Lines: 32 In article <6124@segue.segue.com>, jim@segue.segue.com (Jim Balter) writes: )In article <19017@rpp386.cactus.org> ) jfh@rpp386.cactus.org (John F Haugh II) writes: )>test(1) is the sick on. Any version of test(1) which relies on )>access(2) is broken. ) )1) The fact that access does not provide an option to test the effective uid ) is brain damage. And the following piece of kernel code: /* * If you're the super-user, * you always get access. */ if (u.u_uid == 0) return (0); )2) It only matters if the program calling access has S_ISUID or S_ISGID set. Not true. ) Why would test be installed with set-uid privileges? What if the program (e.g. the shell) that _calls_ `test', is setuid? (I.e. its effective uid differs from its real uid.) -- "Salman Rushdie received a copy just as his latest novel was being published. He ignored it and received myriads of death threats. He quickly decided to send out twenty copies (some to the Ayatollah) and is still alive." (John Banagan in sci.skeptic)