We don't want to behave like the access function, which is
intended for use in setuid programs to determine what the
original user can access.
The purpose of safepath_check is to check whether the
filesystem can harm the caller. For that, the effective
identity that is being wielded should be used.
A setuid executable might have a real user ID bob,
but effective root. Root does not trust bob; root
doesn't want to follow a symlink controlled by bob.
* safepath.c (safe_group, tamper_proof): Replace getuid
calls with geteuid.
* README.md: Updated text.