New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
possible uid/gid confusion #1172
Comments
Fixed with fc78a13 |
I honestly don't understand either the new or the old code. My understanding of groups in Linux:
Am I totally confused? |
My understanding of how this works is slightly different, a simple example:
so this file is owned by user 'robertle' and group 'devgrp'. permissions for the user are 'rw-', for the group 'rw-' and for all other users 'r--'. so it would be writable by 'robertle', which is what the statbuf.st_uid == geteuid() line checks for. it is also writable by all users in the 'devgrp' group, I suspect that's what the getegid line is trying to check, but it does compare to the user-owner of the file, which seems like a (now fixed) bug. you are correct though that getegid() returns one group id, but the caller could be in multiple groups. so instead of getegid() we should use group_member() or something like that! |
@robertlemmen Can you have a look at whether PR #1193 fixed this issue completely? |
the PR looks good to me, and fixes the one problem I could see. but I never had a full set of tests or any way to really verify the behavior... |
while trying to understand build failures with libuv 1.30.1, I came across this (unrelated to the failure) code in src/io/fileops.c:
I am pretty certain that the comparison with getegid() should be with statbuf.st_gid
The text was updated successfully, but these errors were encountered: