CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2016/03/14 09:26:52
Modified files:
lib/libc/time : localtime.c
Log message:
Remove doaccess variable and access(2) call since this interfers with
applications like zdump(8) because pledge(2) doesn't allow access(2) to
/usr/share/zoneinfo.
millert@ better described why this call can go away:
"This looks like an attempt to do access checks based on the real uid instead
of the effective uid. Basically for setuid programs we don't want to allow a
user to set TZ to a path they should not be able to otherwise access.
However, we already have a check for issetugid() above so I think the doaccess
bits can just be removed and we can rely on open()."
After discussion with tb@, deraadt@ and millert@, this was also OK'ed by them
