Avoid false negatice permission denied error message (#9046) #12507
Conversation
The unix implementation of cd fails with a permission error when classical unix permissions deny access to a directory, but additional mechanisms like ACLs actually grant the user access Fix this by miroring the windows implementation: if we can read_dir() without error => allow the cd to proceed. Addtionally we also handle the case where it is the other way round: unix permissions grant access but additional security modules (SElinux, apparmor, etc.) deny the current user/context.
|
That strategy of checking for failure instead sounds more sound to me. Our Can you look into which tests now fail? |
|
Hmm, well, looks like a case of "Damn, not as easy as it appeared at first". The failing test removes the execute permission from a directory and expects Doing the operation we actually want (chdir) instead of an approximate opertion is not a good idea either as it messes up the process state (and forking a child just for that seems very inefficient) I'll have to think about the some more, maybe there is another trick we can try |
|
Thanks for looking into this. That indeed sounds a bit unfortunate. As we may want to spawn external processes from different threads at any time, changing the process working directory seems indeed like a bad idea (if not carefully controlled). For reference fish can get by with (Marking the PR as draft) |
The unix implementation of cd fails with a permission error when classical unix permissions deny access to a directory, but additional mechanisms like ACLs actually grant the user access
Fix this by miroring the windows implementation: if we can read_dir() without error => allow the cd to proceed.
Addtionally we also handle the case where it is the other way round: unix permissions grant access but additional security modules (SElinux, apparmor, etc.) deny the current user/context.
fixes #9046