path: root/testsp.c
author Kaz Kylheku <kaz@kylheku.com> 2022-07-23 20:01:15 -0700
committer Kaz Kylheku <kaz@kylheku.com> 2022-07-23 20:01:15 -0700
commit 06540c9cef675fd8665325301384f3cc491e9f66
tree 0e464a044c5b1416fbba74dde1bea880fcd56c43 /testsp.c
parent 3f164486df948220fc39f2471c9211086e0ac850
Check using effective UID, not real.

We don't want to behave like the access function, which is intended for use in setuid programs to determine what the original user can access. The purpose of safepath_check is to check whether the filesystem can harm the caller. For that, the effective identity that is being wielded should be used. A setuid executable might have a real user ID bob, but effective root. Root does not trust bob; root doesn't want to follow a symlink controlled by bob.

* safepath.c (safe_group, tamper_proof): Replace getuid calls with geteuid.
* README.md: Updated text.

Diffstat (limited to 'testsp.c')
0 files changed, 0 insertions, 0 deletions