mirror/glibc
2
0
Fork 0
mirror of git://sourceware.org/git/glibc.git synced 2025-03-19 13:40:59 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update.

Browse Source 
* manual/filesys.texi (Testing File Access): Correct description of
	SUID.

1999-08025  H.J. Lu  <hjl@gnu.org>

	* csu/defs.awk (.end): Only match with leading white spaces.
	(.align): Likewise.

1999-09-19  Ulrich Drepper  <drepper@cygnus.com>
This commit is contained in:
Ulrich Drepper 1999-09-20 04:59:24 +00:00
parent 1d8004b276
commit 3a4cbb4186
3 changed files with 25 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog
View File

@ -1,3 +1,13 @@
1999-09-19 Ulrich Drepper <drepper@cygnus.com>
* manual/filesys.texi (Testing File Access): Correct description of
SUID.
1999-08025 H.J. Lu <hjl@gnu.org>
* csu/defs.awk (.end): Only match with leading white spaces.
(.align): Likewise.
1999-09-19 Ulrich Drepper <drepper@cygnus.com>
* stdlib/isomac.c: Add va_copy to allowed macros.

4
csu/defs.awk
View File

@ -1,5 +1,5 @@
/\.end/ { need_end = 1 }
/\.align/ { if($2 > max) max = $2; }
/^[ ]*\.end/ { need_end = 1 }
/^[ ]*\.align/ { if($2 > max) max = $2; }
END {
if(need_end)

25
manual/filesys.texi
View File

@ -2267,19 +2267,20 @@ The file resides on a read-only file system.
@cindex access, testing for
@cindex setuid programs and file access
When a program runs as a privileged user, this permits it to access
files off-limits to ordinary users---for example, to modify
@file{/etc/passwd}. Programs designed to be run by ordinary users but
access such files use the setuid bit feature so that they always run
with @code{root} as the effective user ID.
In some situations it is desirable to allow programs to access files or
devices even if this is not possible with the permissions granted to the
user. One possible solution is to set the setuid-bit of the program
file. If such a program is started the @emph{effective} user ID of the
process is changed to that of the owner of the program file. So to
allow write access to files like @file{/etc/passwd}, which normally can
be written only by the super-user, the modifying program will have to be
owned by @code{root} and the setuid-bit must be set.
Since the program runs as @code{root}, it has permission to access
whatever file the user specifies---but usually the desired behavior is
to permit only those files which the user could ordinarily access.
The program therefore must explicitly check whether @emph{the user}
would have the necessary access to a file, before it reads or writes the
file.
But beside the files the program is intended to change the user should
not be allowed to access any file to which s/he would not have access
anyway. The program therefore must explicitly check whether @emph{the
user} would have the necessary access to a file, before it reads or
writes the file.
To do this, use the function @code{access}, which checks for access
permission based on the process's @emph{real} user ID rather than the