On Tue, Jan 13, 2009 at 5:12 AM, <[email protected]> wrote: > > I see no reason for "access(file, X_OK))" should return 0 for > ordinary files which have no execute bit set. > > I think we can just change that.
This behaviour is controlled by the file_dac_execute privilege. Processes running as root will always get this privilege in their Effective set, since processes generally have the file_dac_execute privilege in the Limit set, and when something is executed as root (e.g. via a setuid binary) the Permitted and Effective sets are set to Limit [1]. Would a reasonable solution be to modify this code to not copy the file_dac_execute privilege into the Effective set (processes that really want this behaviour could still call ppriv(1)/setppriv(2) to add it to their Effective set)? [1] http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/os/priv.c#624 -- David _______________________________________________ opensolaris-code mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
