svn commit: r339920 - head/contrib/tzcode/stdtime

Edward Tomasz Napierala trasz at FreeBSD.org
Tue Oct 30 15:43:07 UTC 2018 

Author: trasz
Date: Tue Oct 30 15:43:06 2018
New Revision: 339920
URL: https://svnweb.freebsd.org/changeset/base/339920

Log:
  Remove useless call to access(2) from tzcode.  Quoting OpenBSD:
  
  > Remove doaccess variable and access(2) call since this interfers with
  > applications like zdump(8) because pledge(2) doesn't allow access(2) to
  > /usr/share/zoneinfo.
  >
  > millert@ better described why this call can go away:
  >
  > "This looks like an attempt to do access checks based on the real uid instead
  > of the effective uid.  Basically for setuid programs we don't want to allow a
  > user to set TZ to a path they should not be able to otherwise access.
  >
  > However, we already have a check for issetugid() above so I think the doaccess
  > bits can just be removed and we can rely on open()."
  >
  > After discussion with tb@, deraadt@ and millert@, this was also OK'ed by them
  
  Reviewed by:	imp
  Obtained from:	OpenBSD
  MFC after:	2 weeks
  Sponsored by:	DARPA, AFRL
  Differential Revision:	https://reviews.freebsd.org/D17701

Modified:
  head/contrib/tzcode/stdtime/localtime.c

Modified: head/contrib/tzcode/stdtime/localtime.c
==============================================================================
--- head/contrib/tzcode/stdtime/localtime.c	Tue Oct 30 15:39:33 2018	(r339919)
+++ head/contrib/tzcode/stdtime/localtime.c	Tue Oct 30 15:43:06 2018	(r339920)
@@ -398,7 +398,6 @@ register const int	doextend;
 	if (name == NULL && (name = TZDEFAULT) == NULL)
 		return -1;
 	{
-		int	doaccess;
 		struct stat	stab;
 		/*
 		** Section 4.9.1 of the C standard says that
@@ -415,8 +414,7 @@ register const int	doextend;
 
 		if (name[0] == ':')
 			++name;
-		doaccess = name[0] == '/';
-		if (!doaccess) {
+		if (name[0] != '/') {
 			if ((p = TZDIR) == NULL) {
 				free(fullname);
 				return -1;
@@ -428,16 +426,7 @@ register const int	doextend;
 			(void) strcpy(fullname, p);
 			(void) strcat(fullname, "/");
 			(void) strcat(fullname, name);
-			/*
-			** Set doaccess if '.' (as in "../") shows up in name.
-			*/
-			if (strchr(name, '.') != NULL)
-				doaccess = TRUE;
 			name = fullname;
-		}
-		if (doaccess && access(name, R_OK) != 0) {
-			free(fullname);
-		     	return -1;
 		}
 		if ((fid = _open(name, OPEN_MODE)) == -1) {
 			free(fullname);

More information about the svn-src-all mailing list