Hello,
Frank Terbeck <f...@bewatermyfriend.org> skribis:
> [snip]
> % ls -ladn .
> drwx------ 11 1000 1000 4096 Feb 18 00:53 .
> [snap]
>
> In that directory and as root, I'm doing the following at guile's REPL:
>
> [snip]
> scheme@(guile-user)> (use-modules (ice-9 ftw))
> scheme@(guile-user)> (format #t "UID: ~d, EUID: ~d~%" (getuid) (geteuid))
> UID: 0, EUID: 0
> $1 = #t
> scheme@(guile-user)> (ftw "." (lambda (name stat flag)
> (format #t "~s: ~s~%" name flag)))
> ".": directory-not-readable
> $2 = #t
> [snap]
>
> The code treats root like a normal user, disregarding the fact that this
> particular users will be able to access any file or directory no matter
> the ownership or mode.
Indeed, that’s a bug. I believe this is fixed with this patch:
diff --git a/module/ice-9/ftw.scm b/module/ice-9/ftw.scm
index 9c9694f..133e9c9 100644
--- a/module/ice-9/ftw.scm
+++ b/module/ice-9/ftw.scm
@@ -259,7 +259,8 @@
(let* ((perms (stat:perms s))
(perms-bit-set? (lambda (mask)
(not (= 0 (logand mask perms))))))
- (or (and (= uid (stat:uid s))
+ (or (zero? uid)
+ (and (= uid (stat:uid s))
(perms-bit-set? #o400))
(and (= gid (stat:gid s))
(perms-bit-set? #o040))
However, that ‘ftw’ tries to do permission checks by itself is really a
flaw in the first place, IMO.
> Indeed, the ‘scandir’ routine from the same module will read the
> contents of that directory just fine.
I would recommend using ‘scandir’ or ‘file-system-fold’ from (ice-9 ftw)
for new code.
Thanks,
Ludo’.
