Re: bin/59449: which(1) / whereis(1) fails if the euid/egid != uid/gid

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,jschauma%netmeister.org@localhost
Subject: Re: bin/59449: which(1) / whereis(1) fails if the euid/egid != uid/gid
From: "Jan Schaumann via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Fri, 30 May 2025 21:30:02 +0000 (UTC)

The following reply was made to PR bin/59449; it has been noted by GNATS.

From: Jan Schaumann <jschauma%netmeister.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/59449: which(1) / whereis(1) fails if the euid/egid !=
 uid/gid
Date: Fri, 30 May 2025 17:28:49 -0400

 Possible fix?
 
 Index: whereis.c
 ===================================================================
 RCS file: /cvsroot/src/usr.bin/whereis/whereis.c,v
 retrieving revision 1.21
 diff -u -p -r1.21 whereis.c
 --- whereis.c	17 Oct 2008 10:53:26 -0000	1.21
 +++ whereis.c	30 May 2025 21:27:40 -0000
 @@ -48,12 +48,22 @@ __RCSID("$NetBSD: whereis.c,v 1.21 2008/
  
  #include <err.h>
  #include <errno.h>
 +#include <fcntl.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <unistd.h>
  
  static void usage(void) __dead;
 +static int checkAccess(const char *, int);
 +
 +int
 +checkAccess(const char *p, int checke) {
 +	if (checke)
 +		return faccessat(AT_FDCWD, p, X_OK, AT_EACCESS);
 +
 +	return access(p, X_OK);
 +}
  
  int
  main(int argc, char *argv[])
 @@ -67,12 +77,10 @@ main(int argc, char *argv[])
  	int useenvpath = which, found = 0;
  	gid_t egid = getegid();
  	uid_t euid = geteuid();
 +	gid_t gid = getgid();
 +	uid_t uid = getuid();
  
 -	/* To make access(2) do what we want */
 -	if (setgid(egid) == -1)
 -		err(1, "Can't set gid to %lu", (unsigned long)egid);
 -	if (setuid(euid) == -1)
 -		err(1, "Can't set uid to %lu", (unsigned long)euid);
 +	int checke = ((egid != gid) || (euid != uid));
  
  	while ((ch = getopt(argc, argv, "ap")) != -1)
  		switch (ch) {
 @@ -117,7 +125,7 @@ main(int argc, char *argv[])
  				continue; /* next argv */
  			if (!S_ISREG(sb.st_mode))
  				continue; /* next argv */
 -			if (access(*argv, X_OK) == -1)
 +			if (checkAccess(*argv, checke) == -1)
  				continue; /* next argv */
  			(void)printf("%s\n", *argv);
  			found++;
 @@ -142,7 +150,7 @@ main(int argc, char *argv[])
  				continue; /* next p */
  			if (!S_ISREG(sb.st_mode))
  				continue; /* next p */
 -			if (access(path, X_OK) == -1)
 +			if (checkAccess(path, checke) == -1)
  				continue; /* next p */
  			(void)printf("%s\n", path);
  			found++;

Prev by Date: bin/59449: which(1) / whereis(1) fails if the euid/egid != uid/gid
Next by Date: Re: bin/59449: which(1) / whereis(1) fails if the euid/egid != uid/gid
Previous by Thread: bin/59449: which(1) / whereis(1) fails if the euid/egid != uid/gid
Next by Thread: Re: bin/59449: which(1) / whereis(1) fails if the euid/egid != uid/gid
Indexes:

Home | Main Index | Thread Index | Old Index