From e75c1c33762441d5262d4d3e897fed94ef8c9cf8 Mon Sep 17 00:00:00 2001 From: rwatson Date: Fri, 21 Sep 2001 21:35:22 +0000 Subject: o Modify access(2) man page to describe eaccess(2), and add a symlink so man eaccess will return the access(2) man page. Obtained from: TrustedBSD Project --- lib/libc/sys/Makefile.inc | 1 + lib/libc/sys/access.2 | 23 +++++++++++++++++++---- 2 files changed, 20 insertions(+), 4 deletions(-) (limited to 'lib/libc') diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc index e40a934..4c90c88 100644 --- a/lib/libc/sys/Makefile.inc +++ b/lib/libc/sys/Makefile.inc @@ -87,6 +87,7 @@ MAN+= sched_get_priority_max.2 sched_setparam.2 \ sched_setscheduler.2 sched_yield.2 .endif +MLINKS+=access.2 eaccess.2 MLINKS+=brk.2 sbrk.2 MLINKS+=chdir.2 fchdir.2 MLINKS+=chflags.2 fchflags.2 diff --git a/lib/libc/sys/access.2 b/lib/libc/sys/access.2 index 5646b0d..23cc3c0 100644 --- a/lib/libc/sys/access.2 +++ b/lib/libc/sys/access.2 @@ -44,10 +44,14 @@ .Fd #include .Ft int .Fn access "const char *path" "int mode" +.Ft int +.Fn eaccess "const char *path" "int mode" .Sh DESCRIPTION The .Fn access -function checks the accessibility of the +and +.Fn eaccess +functions check the accessibility of the file named by .Fa path for the access permissions indicated by @@ -69,12 +73,17 @@ For additional information, see the section of .Xr intro 2 . .Pp -The real user ID is used in place of the effective user ID +.Fn eaccess +uses the effective user ID, group ID, and additional groups to authorize +the request. +.Fn access +uses +the real user ID in place of the effective user ID and the real group access list (including the real group ID) are used in place of the effective ID for verifying permission. .Pp -Even if a process's real user has appropriate privileges +Even if a process's real or effective user has appropriate privileges and indicates success for .Dv X_OK , the file may not actually have execute permission bits set. 
@@ -126,8 +135,14 @@ function call is expected to conform to .St -p1003.1-90 . .Sh CAVEAT .Fn Access -is a potential security hole and +is a potential security hole due to race conditions and should never be used. +Setuid and setgid applications should restore the effective uid or gid +and perform actions directly rather than use +.Fn access +to simulate access checks for the real user of group id. +.Fn Eaccess +likewise may be subject to races if used inappropriately. .Sh HISTORY An .Fn access -- cgit v1.1
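Review bot: in the access.2 hunk at @@ -44,10 +44,14, eaccess is added to SYNOPSIS and DESCRIPTION, but no hunk in this patch touches the NAME section, so eaccess is not added to the .Nm list there. Since the new MLINKS entry makes "man eaccess" resolve to this page, suggest listing ".Nm eaccess" next to ".Nm access" in NAME so that whatis and apropos index it too.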
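Review bot: in the access.2 hunk at @@ -69,12 +73,17, the rewritten access sentence mixes an active and a passive clause: it now reads "access uses the real user ID in place of the effective user ID and the real group access list (including the real group ID) are used in place of the effective ID". The trailing "are used" is left over from the old wording. Suggest making the sentence parallel with the eaccess one before it, for example "uses the real user ID and the real group access list (including the real group ID) in place of the effective IDs for verifying permission."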
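Review bot: in the CAVEAT hunk at @@ -126,8 +135,14, the text says "race conditions" and "if used inappropriately" without saying what the race is, so a reader cannot tell which uses of eaccess are safe. Suggest stating that the result can be stale by the time the file is used, because the file named by path may be replaced between the check and the later open or exec. Also, "for the real user of group id" should read "real user or group id", and ".Fn Eaccess" (like the existing ".Fn Access") renders a capitalized name that does not match the function, so rewording to keep the name lowercase would be cleaner.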