Re: 2.8.0 and newly strict checking

From: Doug Barton <dougb_at_dougbarton.us>
Date: Mon, 04 Mar 2013 23:21:26 -0800

On 03/04/2013 10:52 PM, Murray S. Kucherawy wrote:
> On Mon, 4 Mar 2013, Doug Barton wrote:
>>> if ((s.st_mode & (S_IRGRP|S_IWGRP)) != 0)
>>>
>>> If that test passes, then the password and group databases are checked
>>> for any other users with the same gid as the file. If you remove
>>> "S_IRGRP|" from that line, then the group read bit doesn't matter.
>>
>> Right, but if you look back at my OP you'd see that there are no group
>> permissions at all, for the /var/db/opendkim directory or the files in
>> it. I saw the tests, and I figured out _where_ it failed, what I don't
>> understand is why.
>>
>> Like I said in my post earlier today, I suspect that the solution here
>> is to skip the tests related to groups if there are no group
>> permissions. But my time to review the code was limited.
>
> I'm confused. If as you said there are no group permissions on files,
> then the condition ((s.st_mode & (S_IRGRP|S_IWGRP)) != 0) fails, and the
> tests related to groups are then skipped, which is what you asked for.

I agree that seems to be what should happen. What actually _did_ happen
is that the tests for the directories passed, but when it got to the
test for the file itself it failed on the "does the group that this file
has permissions for have members other than myself?" test, in spite of
the fact that the file is mode 0600.

Thus, I rather strongly suspect that there is a bug somewhere, but I was
not able to unravel where.

> For directories, the test is for group write only, since "read" means
> something else for directories.

It wasn't the directory test, it was the file test.

> Did you mean if there are no group permissions on a directory
> (especially write and execute), then we can skip group checks below
> there?

I think the same logic should be applied to directories and files. If
there are no group permissions, the group tests should be skipped. I
don't see why directories should be a special case if there are no
permissions for them at all.

Doug
Received on Tue Mar 05 2013 - 07:21:33 PST
