RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-14 20:04:59 +00:00
Code Issues Activity Actions

Kernel: Use real UID/GID when checking for file access

Browse source 
This aligns the rest of the system with POSIX, who says that access(2)
must check against the real UID and GID, not effective ones.
This commit is contained in:
sin-ack 2022-10-01 12:03:46 +00:00 committed by Andrew Kaster
parent 3472c84d14
commit fa692e13f9
3 changed files with 20 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Kernel/FileSystem/VirtualFileSystem.cpp
View file

@ -530,17 +530,17 @@ ErrorOr<void> VirtualFileSystem::access(Credentials const& credentials, StringVi
auto& inode = custody->inode();
auto metadata = inode.metadata();
if (mode & R_OK) {
if (!metadata.may_read(credentials))
if (!metadata.may_read(credentials, UseEffectiveIDs::No))
return EACCES;
}
if (mode & W_OK) {
if (!metadata.may_write(credentials))
if (!metadata.may_write(credentials, UseEffectiveIDs::No))
return EACCES;
if (custody->is_readonly())
return EROFS;
}
if (mode & X_OK) {
if (!metadata.may_execute(credentials))
if (!metadata.may_execute(credentials, UseEffectiveIDs::No))
return EACCES;
}
return {};