Author: trasz
Date: Tue Oct 30 15:43:06 2018
New Revision: 339920
URL: https://svnweb.freebsd.org/changeset/base/339920

Log:
  Remove useless call to access(2) from tzcode.  Quoting OpenBSD:
  
  > Remove doaccess variable and access(2) call since this interferes with
  > applications like zdump(8) because pledge(2) doesn't allow access(2) to
  > /usr/share/zoneinfo.
  >
  > millert@ better described why this call can go away:
  >
  > "This looks like an attempt to do access checks based on the real uid instead
  > of the effective uid.  Basically for setuid programs we don't want to allow a
  > user to set TZ to a path they should not be able to otherwise access.
  >
  > However, we already have a check for issetugid() above so I think the doaccess
  > bits can just be removed and we can rely on open()."
  >
  > After discussion with tb@, deraadt@ and millert@, this was also OK'ed by them
  
  Reviewed by:  imp
  Obtained from:        OpenBSD
  MFC after:    2 weeks
  Sponsored by: DARPA, AFRL
  Differential Revision:        https://reviews.freebsd.org/D17701

Modified:
  head/contrib/tzcode/stdtime/localtime.c

Modified: head/contrib/tzcode/stdtime/localtime.c
==============================================================================
--- head/contrib/tzcode/stdtime/localtime.c     Tue Oct 30 15:39:33 2018        
(r339919)
+++ head/contrib/tzcode/stdtime/localtime.c     Tue Oct 30 15:43:06 2018        
(r339920)
@@ -398,7 +398,6 @@ register const int  doextend;
        if (name == NULL && (name = TZDEFAULT) == NULL)
                return -1;
        {
-               int     doaccess;
                struct stat     stab;
                /*
                ** Section 4.9.1 of the C standard says that
@@ -415,8 +414,7 @@ register const int  doextend;
 
                if (name[0] == ':')
                        ++name;
-               doaccess = name[0] == '/';
-               if (!doaccess) {
+               if (name[0] != '/') {
                        if ((p = TZDIR) == NULL) {
                                free(fullname);
                                return -1;
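Review bot: With the test rewritten as `if (name[0] != '/')`, an absolute TZ value skips this block entirely and no longer gets the access(2) check that `doaccess = name[0] == '/'` used to force. The log message justifies this by an issetugid() check "above", which is outside the context shown here; a one-line comment at this branch naming that check would keep the dependency visible to anyone who later changes either place.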
@@ -428,16 +426,7 @@ register const int doextend;
                        (void) strcpy(fullname, p);
                        (void) strcat(fullname, "/");
                        (void) strcat(fullname, name);
-                       /*
-                       ** Set doaccess if '.' (as in "../") shows up in name.
-                       */
-                       if (strchr(name, '.') != NULL)
-                               doaccess = TRUE;
                        name = fullname;
-               }
-               if (doaccess && access(name, R_OK) != 0) {
-                       free(fullname);
-                       return -1;
                }
                if ((fid = _open(name, OPEN_MODE)) == -1) {
                        free(fullname);
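Review bot: The deleted comment about '.' (as in "../") was the only record that a relative name can climb out of TZDIR, and nothing replaces it after the strcat() calls. Suggest a short comment before `name = fullname;` stating that "../" in name is deliberately not filtered and that file permissions are now enforced by `_open()` alone. Dropping the access()-then-open sequence also removes the window between the check and the open, which is worth a sentence in that comment.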