Closed
Description
The syscall.Faccessat function checks whether the calling process can access a file.
Faccessat contains a bug where it checks a file's group permission bits if the process's user is a member of the process's group rather than a member of the file's group.
go/src/syscall/syscall_linux.go
Line 112 in c9fe126
```go
var fmode uint32
if uint32(uid) == st.Uid {
	fmode = (st.Mode >> 6) & 7
} else {
	var gid int
	if flags&_AT_EACCESS != 0 {
		gid = Getegid()
	} else {
		gid = Getgid()
	}
	if uint32(gid) == st.Gid || isGroupMember(gid) { // <-- this should be isGroupMember(st.Gid), not gid
		fmode = (st.Mode >> 3) & 7
	} else {
		fmode = st.Mode & 7
	}
}
```
Since a process's user is usually a member of the process's group, this causes Faccessat to usually check a file's group permissions even if the process's user is not a member of the file's group.
Thanks to @256dpi for reporting this.
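The effect of the wrong argument can be reproduced without touching the filesystem. The following is an added example, not code from the Go tree: `proc`, `file`, `permBits` and `allowed` are hypothetical names, the credentials and modes are constructed, and the model covers only the permission-class selection quoted above.

```go
package main

import "fmt"

// proc and file are constructed models of the process credentials and the
// stat fields used by the check; gid stands for Getgid() or Getegid().
type proc struct {
	uid, gid uint32
	groups   []uint32 // supplementary groups
}

type file struct{ uid, gid, mode uint32 }

func (p proc) member(gid uint32) bool {
	for _, g := range p.groups {
		if g == gid {
			return true
		}
	}
	return false
}

// permBits returns the rwx triplet selected for the access decision.
// buggy=true tests membership of the process's own gid, as in the issue;
// buggy=false tests membership of the file's gid.
func permBits(p proc, f file, buggy bool) uint32 {
	if p.uid == f.uid {
		return (f.mode >> 6) & 7
	}
	check := f.gid
	if buggy {
		check = p.gid
	}
	if p.gid == f.gid || p.member(check) {
		return (f.mode >> 3) & 7
	}
	return f.mode & 7
}

// allowed reports whether every bit in want (R=4, W=2, X=1) is granted.
func allowed(p proc, f file, want uint32, buggy bool) bool {
	return permBits(p, f, buggy)&want == want
}

func main() {
	p := proc{uid: 1000, gid: 1000, groups: []uint32{1000}}
	f := file{uid: 0, gid: 0, mode: 0640} // root:root rw-r-----
	fmt.Println("buggy check grants read:", allowed(p, f, 4, true))
	fmt.Println("fixed check grants read:", allowed(p, f, 4, false))
}
```

The error runs in both directions: with mode 0604 on the same file, the buggy selection picks the empty group triplet and reports no read access even though the "other" bits grant it.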