Implement eaccess/faccessat on platforms that support it

Open Kixunil opened this issue 4 years ago • 2 comments

I need to check access with EUID in my application and perhaps instead of implementing it privately, upstreaming to nix would be nicer. Not sure if there should be a unified interface or a thin layer only wrapping each function for its respective platform.

I think having eaccess, which internally calls faccessat on Linux would make sense, but maybe having faccessat exposed too would be useful.

But why would you need eaccess? It's useless

I have an application that runs as root but want to do a bunch of sanity checks during start. These checks include checking if certain files are accessible as other user (because the application may fork & setuid & exec later and the given user should have access to those files) and that they are not writable by unauthorized users (nobody) - similar to what SSH does.

Kixunil, Jan 12 '21 11:01

It would definitely be worthwhile to add faccessat. But eaccess can't do anything that faccessat can't do too, right?

asomers, Jan 13 '21 00:01

Correct. I'm not sure if faccessat is supported on every Unix, probably not. I only checked Linux, which has faccessat and doesn't have eaccess, and randomly saw some BSD man page having both.

Kixunil, Jan 13 '21 08:01

> But why would you need eaccess? It's useless
>
> I have an application that runs as root but want to do a bunch of sanity checks during start. These checks include checking if certain files are accessible as other user (because the application may fork & setuid & exec later and the given user should have access to those files) and that they are not writable by unauthorized users (nobody) - similar to what SSH does.

Sounds like you need access/faccessat instead of eaccess; to cite the Linux man page:

> This allows set-user-ID programs and capability-endowed programs
> to easily determine the invoking user's authority.  In other
> words, access() does not answer the "can I read/write/execute
> this file?" question.  It answers a slightly different question:
> "(assuming I'm a setuid binary) can the user who invoked me
> read/write/execute this file?", which gives set-user-ID programs
> the possibility to prevent malicious users from causing them to
> read files which users shouldn't be able to read.

> I only checked Linux that has faccessat and doesn't have eaccess

Linux (both glibc and musl) has eaccess(3)

> But eaccess can't do anything that faccessat can't do too, right?

eaccess checks the permission using EUID while faccessat uses RUID; eaccess can do something that faccessat/access can't.

SteveLauC, Oct 10 '22 22:10
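
The approach proposed in the opening post (an `eaccess` that calls `faccessat` on Linux), together with the SSH-style permission check it mentions, as an added example that is not code from the nix crate or from anyone in this thread. It assumes Linux: `faccessat` is declared directly and the values of `AT_FDCWD`, `AT_EACCESS` and `R_OK` are hard-coded Linux values; the helper names `eaccess` and `writable_by_group_or_other` are hypothetical.

```rust
use std::ffi::CString;
use std::fs;
use std::io;
use std::os::raw::{c_char, c_int};
use std::os::unix::ffi::OsStrExt;
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

// Linux values from <fcntl.h> and <unistd.h> (assumption: other platforms differ).
const AT_FDCWD: c_int = -100;
const AT_EACCESS: c_int = 0x200;
pub const R_OK: c_int = 4;

extern "C" {
    fn faccessat(dirfd: c_int, path: *const c_char, mode: c_int, flags: c_int) -> c_int;
}

/// eaccess-style check. Without flags, faccessat checks with the real
/// UID/GID like access(2); AT_EACCESS switches it to the effective IDs.
pub fn eaccess(path: &Path, mode: c_int) -> io::Result<()> {
    let c_path = CString::new(path.as_os_str().as_bytes())
        .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "NUL byte in path"))?;
    // SAFETY: c_path is a valid NUL-terminated string that outlives the call.
    let rc = unsafe { faccessat(AT_FDCWD, c_path.as_ptr(), mode, AT_EACCESS) };
    if rc == 0 { Ok(()) } else { Err(io::Error::last_os_error()) }
}

/// True if group or other has a write bit set (mask 0o022), the property
/// the startup sanity check wants to reject. Follows symlinks.
pub fn writable_by_group_or_other(path: &Path) -> io::Result<bool> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o022 != 0)
}

fn main() -> io::Result<()> {
    // Constructed sample file in the temp directory.
    let path = std::env::temp_dir().join(format!("eaccess_demo_{}", std::process::id()));
    fs::write(&path, b"demo")?;
    fs::set_permissions(&path, fs::Permissions::from_mode(0o640))?;
    println!("readable by EUID: {}", eaccess(&path, R_OK).is_ok());
    println!("group/other writable: {}", writable_by_group_or_other(&path)?);
    fs::remove_file(&path)
}
```

Both results are snapshots: the file can change between the check and a later open, so they suit startup sanity checks rather than access enforcement.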