Date: Tue, 30 Oct 2018 15:43:07 +0000 (UTC) From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r339920 - head/contrib/tzcode/stdtime Message-ID: <201810301543.w9UFh727023743@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: trasz Date: Tue Oct 30 15:43:06 2018 New Revision: 339920 URL: https://svnweb.freebsd.org/changeset/base/339920 Log: Remove useless call to access(2) from tzcode. Quoting OpenBSD: > Remove doaccess variable and access(2) call since this interfers with > applications like zdump(8) because pledge(2) doesn't allow access(2) to > /usr/share/zoneinfo. > > millert@ better described why this call can go away: > > "This looks like an attempt to do access checks based on the real uid instead > of the effective uid. Basically for setuid programs we don't want to allow a > user to set TZ to a path they should not be able to otherwise access. > > However, we already have a check for issetugid() above so I think the doaccess > bits can just be removed and we can rely on open()." > > After discussion with tb@, deraadt@ and millert@, this was also OK'ed by them Reviewed by: imp Obtained from: OpenBSD MFC after: 2 weeks Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D17701 Modified: head/contrib/tzcode/stdtime/localtime.c Modified: head/contrib/tzcode/stdtime/localtime.c ============================================================================== --- head/contrib/tzcode/stdtime/localtime.c Tue Oct 30 15:39:33 2018 (r339919) +++ head/contrib/tzcode/stdtime/localtime.c Tue Oct 30 15:43:06 2018 (r339920) @@ -398,7 +398,6 @@ register const int doextend; if (name == NULL && (name = TZDEFAULT) == NULL) return -1; { - int doaccess; struct stat stab; /* ** Section 4.9.1 of the C standard says that @@ -415,8 +414,7 @@ register const int doextend; if (name[0] == ':') ++name; - doaccess = name[0] == '/'; - if (!doaccess) { + if (name[0] != '/') { if ((p = TZDIR) == NULL) { free(fullname); return -1; @@ -428,16 +426,7 @@ register const int doextend; (void) strcpy(fullname, p); (void) strcat(fullname, "/"); (void) strcat(fullname, name); - /* - ** Set doaccess if '.' (as in "../") shows up in name. - */ - if (strchr(name, '.') != NULL) - doaccess = TRUE; name = fullname; - } - if (doaccess && access(name, R_OK) != 0) { - free(fullname); - return -1; } if ((fid = _open(name, OPEN_MODE)) == -1) { free(fullname);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810301543.w9UFh727023743>