From 06f99de5d9a429164c2ae959f16cd575e86400bb Mon Sep 17 00:00:00 2001 From: Kaz Kylheku Date: Wed, 4 May 2016 06:56:12 -0700 Subject: Fix: path-writable-to-me bug, for root. * share/txr/stdlib/path-test.tl (sys:path-access): Comment added to note use restriction to identical permissions for all three scopes. Fixed incorrect use of logior instead of logand which causes strict permission test to be applied to user even when testing for non-execute permisisons. --- share/txr/stdlib/path-test.tl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'share') diff --git a/share/txr/stdlib/path-test.tl b/share/txr/stdlib/path-test.tl index 851ac61b..cb2a1c48 100644 --- a/share/txr/stdlib/path-test.tl +++ b/share/txr/stdlib/path-test.tl @@ -77,12 +77,13 @@ (or (= g (getegid)) (find g (getgroups)))))) +;; umask, gmask and omask must test identical permissions (defun sys:path-access (path umask gmask omask) (sys:path-test (s stat path) (let ((m s.mode) (euid (geteuid))) (cond - ((zerop euid) (or (zerop (logior umask s-ixusr)) + ((zerop euid) (or (zerop (logand umask s-ixusr)) (plusp (logand m (logior umask gmask omask))))) ((= euid s.uid) (plusp (logand m umask))) ((let ((g s.gid)) -- cgit v1.2.3