What is the purpose of the call to access() in localtime.c?

Robert Elz kre at munnari.OZ.AU
Mon Dec 3 09:29:12 UTC 2007


    Date:        Sun, 2 Dec 2007 20:40:15 -0800
    From:        "Jonathan Leffler" <jonathan.leffler at gmail.com>
    Message-ID:  <844b8e1c0712022040v687119f2i4a2dc32f8fcb19d5 at mail.gmail.com>

  | The only reason I've thought of for why access() would fail where open()
  | might succeed is in a program running with setuid (or setgid)
  | privileges, where access() would check the permissions using the real UID
  | (and GID) but open would be controlled by the effective UID (and GID).
  | However, it seems incorrect to prevent a setuid or setgid program from
  | working like that -- maybe the reason the program is setuid or setgid is to
  | permit it to access the time zone files.

No, that's exactly why it is like that - remember the time zone files can
be located from a user controlled environment variable, which can end up
aimed at any file at all - including files that the user should not have
permission to read.   Many suid programs use localtime() functions, any of
them could be made to read any file if that verification of permission were
not present.

As for the last part - anyone stupid enough to install the timezone data
in such a way that it needs enhanced privileges to read deserves to have
the programs all fail - there's no rationale whatever for protecting
public information from access by everyone.

kre
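
The check discussed in this message, as an added example (not part of the original message and not the tz project's code): a C program that opens a file named by TZ only if access() says the real UID and GID may read it. The function name open_zone_as_real_user is hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Hypothetical helper (name and shape are assumptions of this example).
 * Opens a zone file whose name came from the user-controlled TZ variable,
 * but only if the REAL uid/gid may read it. access() checks with the real
 * IDs; open() checks with the effective IDs, which in a setuid program
 * are those of the program file's owner, not the invoking user.
 * Returns a file descriptor, or -1 with errno set.
 */
int open_zone_as_real_user(const char *path)
{
    if (path == NULL || *path == '\0') {
        errno = EINVAL;
        return -1;
    }
    /* Refuse anything the invoking user could not read unaided. */
    if (access(path, R_OK) != 0)
        return -1;
    /* The check and the open are separate system calls, so this guard
     * covers permissions as they stood when access() ran. */
    return open(path, O_RDONLY);
}

int main(void)
{
    const char *tz = getenv("TZ");   /* user-controlled input */
    int fd;

    printf("real uid %ld, effective uid %ld\n",
           (long)getuid(), (long)geteuid());
    fd = open_zone_as_real_user(tz);
    if (fd < 0) {
        printf("TZ=%s refused: %s\n", tz ? tz : "(unset)", strerror(errno));
        return 1;
    }
    printf("TZ=%s opened as fd %d\n", tz, fd);
    close(fd);
    return 0;
}
```

Run unprivileged, the real and effective IDs match and the guard changes nothing; it only matters when the binary is installed setuid or setgid.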



