[Bug 1817959] Re: "test -e" inaccurately returns false when stat() is disallowed

2019-02-28 Thread Nick Kralevich
Since the concern raised is about portability and buggy implementations, another strategy which addresses "test" returning inaccurate information is to conditionally use access(F_OK) only on platforms where it is known to be reliable. One way (but not the only way) is to use ifdefs, e.g. #ifdef

[Bug 1817789] Re: misleading error message for SELinux denials

2019-02-28 Thread Nick Kralevich
To be clear, the current implementation of using stat(), reading the permissions, then later exec()ing is subject to the same race conditions described in the access() man page. Just because stat() doesn't include these warnings in the man page shouldn't be interpreted to mean that the current usage is

[Bug 1817789] Re: misleading error message for SELinux denials

2019-02-27 Thread Nick Kralevich
Additionally, this behavior also causes problems where the security policy writer, for whatever reason, wants to allow a file to be executed but disallow stat() operations. This could occur, for example, in high sensitivity environments where leaking metadata (size, last update time, etc) about

[Bug 1817789] Re: misleading error message for SELinux denials

2019-02-27 Thread Nick Kralevich
In the SELinux case that Elliott pointed to in the initial bug report, mksh can also "see" the file (e.g., stat() returns EACCES, indicating the file exists but security policy disallows stat() operations). Yet "not found" is emitted by mksh vs (the IMHO more correct) "Permission denied". The mksh

[Bug 1817789] Re: misleading error message for SELinux denials

2019-02-27 Thread Nick Kralevich
Are you referring to Posix 1003.1 section "C.2.8.2 Exit Status for Commands"? Historical shells make the distinction between "utility not found" and "utility found but cannot execute" in their error messages. By specifying two seldomly used exit status values for these cases, 127 and

[Bug 1817959] Re: "test -e" inaccurately returns false when stat() is disallowed

2019-03-04 Thread Nick Kralevich
To be clear, having stat() return an error is not "breaking UNIX" (re https://bazaar.launchpad.net/~mirabilos/mksh/MAIN/revision/2874). UNIX, as defined by IEEE Std 1003.1-2017, says: http://pubs.opengroup.org/onlinepubs/9699919799/functions/stat.html An implementation that provides additional

[Bug 1817959] Re: "test -e" inaccurately returns false when stat() is disallowed

2019-02-27 Thread Nick Kralevich
My system, the Android operating system, uses SELinux to disallow stat() for a large number of files and directories. This prevents side channel leakage between various untrustworthy processes, helping preserve user privacy and preserve the confidentiality of the system. For good reason, the

[Bug 1817959] Re: "test -e" inaccurately returns false when stat() is disallowed

2019-02-27 Thread Nick Kralevich
If you insist on stat(), then it should be fairly straight forward to check errno. File exists if stat() returns success, *or* if stat() returns failure and errno != ENOENT.
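The errno check proposed in the message above, together with the "not found" (127) versus "found but cannot execute" (126) distinction discussed in the 2019-02-27 messages on bug 1817789, as an added C example. This is illustrative code written for this page, not mksh's implementation or anything from the bug thread. Beyond what the messages state, it also treats ENOTDIR as "absent" (a path component is not a directory), and the USE_ACCESS_F_OK build flag is a hypothetical name for the platform-conditional access(F_OK) variant suggested in the 2019-02-28 message.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome of an existence probe. The third value is the case the bug report is
 * about: something is at that name, but security policy refuses to let us stat() it. */
enum probe { PROBE_ABSENT = 0, PROBE_PRESENT = 1, PROBE_PRESENT_NOSTAT = 2 };

/* Interpret a stat() result. rc is stat()'s return value; err is errno when rc != 0.
 * Only "nothing is at that name" errors mean the file is absent. Any other failure,
 * e.g. EACCES from an SELinux denial, means a file is present but we may not inspect
 * it. ENOTDIR is treated as absent here in addition to the ENOENT named in the message. */
enum probe classify_stat(int rc, int err)
{
    if (rc == 0)
        return PROBE_PRESENT;
    if (err == ENOENT || err == ENOTDIR)
        return PROBE_ABSENT;
    return PROBE_PRESENT_NOSTAT;
}

/* What "test -e PATH" should answer: 1 if the path exists, 0 if it does not. */
int test_e(const char *path)
{
#ifdef USE_ACCESS_F_OK
    /* Hypothetical opt-in build flag: on platforms where access(F_OK) is known to be
     * reliable, ask about existence directly instead of stat()ing. Same errno rule. */
    if (access(path, F_OK) == 0)
        return 1;
    return errno != ENOENT && errno != ENOTDIR;
#else
    struct stat st;
    int rc = stat(path, &st);
    return classify_stat(rc, rc ? errno : 0) != PROBE_ABSENT;
#endif
}

/* Shell exit status for a failed attempt to run a utility, following the POSIX
 * convention quoted in the thread: 127 for "utility not found", 126 for "utility
 * found but cannot execute". err is the errno left by execve(), or by the stat() a
 * shell did beforehand. Mapping everything other than ENOENT/ENOTDIR to 126 is a
 * simplification chosen for this example. */
int exec_failure_status(int err)
{
    return (err == ENOENT || err == ENOTDIR) ? 127 : 126;
}

/* The message a shell should print alongside that status. */
const char *exec_failure_message(int err)
{
    return exec_failure_status(err) == 127 ? "not found" : "Permission denied";
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        struct stat st;
        int rc = stat(argv[i], &st);
        int err = rc ? errno : 0;
        printf("%s: test -e => %d (stat class %d)\n",
               argv[i], test_e(argv[i]), classify_stat(rc, err));
        if (rc != 0)
            printf("  a shell trying to run it should say \"%s\" and exit %d\n",
                   exec_failure_message(err), exec_failure_status(err));
    }
    return 0;
}
```

Run it as `./probe /etc/passwd /nonexistent /some/selinux-restricted/file` to see the three classes side by side; the point is that an EACCES from stat() lands in PROBE_PRESENT_NOSTAT, so `test -e` still answers true and a failed exec reports "Permission denied" rather than "not found".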