Re: 2.8.0 and newly strict checking

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 4 Mar 2013 22:52:35 -0800 (PST)

On Mon, 4 Mar 2013, Doug Barton wrote:
>> if ((s.st_mode & (S_IRGRP|S_IWGRP)) != 0)
>>
>> If that test passes, then the password and group databases are checked
>> for any other users with the same gid as the file. If you remove
>> "S_IRGRP|" from that line, then the group read bit doesn't matter.
>
> Right, but if you look back at my OP you'd see that there are no group
> permissions at all, for the /var/db/opendkim directory or the files in it. I
> saw the tests, and I figured out _where_ it failed, what I don't understand
> is why.
>
> Like I said in my post earlier today, I suspect that the solution here is to
> skip the tests related to groups if there are no group permissions. But my
> time to review the code was limited.

I'm confused. If as you said there are no group permissions on files,
then the condition ((s.st_mode & (S_IRGRP|S_IWGRP)) != 0) fails, and the
tests related to groups are then skipped, which is what you asked for.

For directories, the test is for group write only, since "read" means
something else for directories.

Did you mean if there are no group permissions on a directory (especially
write and execute), then we can skip group checks below there? That's a
possibility.

-MSK
Received on Tue Mar 05 2013 - 06:52:50 PST