From nobody@www.freebsd.org  Sat Jun  1 21:31:33 2002
Return-Path: <nobody@www.freebsd.org>
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by hub.freebsd.org (Postfix) with ESMTP id 0A5FB37B404
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  1 Jun 2002 21:31:33 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g524VWhG061180
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 1 Jun 2002 21:31:32 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.2/8.12.2/Submit) id g524VWgS061179;
	Sat, 1 Jun 2002 21:31:32 -0700 (PDT)
Message-Id: <200206020431.g524VWgS061179@www.freebsd.org>
Date: Sat, 1 Jun 2002 21:31:32 -0700 (PDT)
From: Pat Young <pyoung@oraclesb.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: if [ -w filename ] incorrectly returns results when run as root and testing non-writeable files.
X-Send-Pr-Version: www-1.0

>Number:         38818
>Category:       bin
>Synopsis:       if [ -w filename ] incorrectly returns results when run as root and testing non-writeable files.
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 02 02:40:14 PDT 2002
>Closed-Date:    Mon Jun 03 02:59:57 PDT 2002
>Last-Modified:  Mon Jun 03 02:59:57 PDT 2002
>Originator:     Pat Young
>Release:        4.6-RC
>Organization:
NetLedger, Inc.
>Environment:
FreeBSD beast.netledger.com 4.6-RC FreeBSD 4.6-RC #8: Thu May 16 23:34:27 PDT 2002 xdice@beast.netledger.com:/usr/obj/usr/src/sys/BEAST  i386

>Description:
While writing a small shell script to test to see if a file was writable, I found that when running the script as root, an incorrect result was returned.  As a normal user, the script works.  As root, however, even testing a file that is chmod 400 results in an incorrect test.

I've tested with bash from ports, and /bin/sh - same behavior.  Linux fails in the same fashion, but Solaris works just fine (returns the expected result, which would be nothing.), regardless of shell.


>How-To-Repeat:
# if [ -w netsaintize ]
> then
> ls -l netsaintize
> fi
-r--------  1 root  wheel  0 Jun  1 21:02 netsaintize
#
>Fix:

>Release-Note:
>Audit-Trail:

From: Peter Pentchev <roam@ringlet.net>
To: Pat Young <pyoung@oraclesb.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/38818: if [ -w filename ] incorrectly returns results when run as root and testing non-writeable files.
Date: Mon, 3 Jun 2002 11:03:40 +0300

 On Sat, Jun 01, 2002 at 09:31:32PM -0700, Pat Young wrote:
 > 
 > >Number:         38818
 > >Category:       bin
 > >Synopsis:       if [ -w filename ] incorrectly returns results when run as root and testing non-writeable files.
 > >Originator:     Pat Young
 > >Release:        4.6-RC
 > >Organization:
 > NetLedger, Inc.
 > >Environment:
 > FreeBSD beast.netledger.com 4.6-RC FreeBSD 4.6-RC #8: Thu May 16 23:34:27 PDT 2002 xdice@beast.netledger.com:/usr/obj/usr/src/sys/BEAST  i386
 > 
 > >Description:
 > While writing a small shell script to test to see if a file was writable, I found that when running the script as root, an incorrect result was returned.  As a normal user, the script works.  As root, however, even testing a file that is chmod 400 results in an incorrect test.
 > 
 > I've tested with bash from ports, and /bin/sh - same behavior.  Linux fails in the same fashion, but Solaris works just fine (returns the expected result, which would be nothing.), regardless of shell.
 > 
 > 
 > >How-To-Repeat:
 > # if [ -w netsaintize ]
 > > then
 > > ls -l netsaintize
 > > fi
 > -r--------  1 root  wheel  0 Jun  1 21:02 netsaintize
 > #
 
 IMO, this is not a failure, but the expected result.  What 'test -w'
 tests is not file permissions, but the actual access permissions.  Even
 if the file permissions do not allow the owner to write to it,
 Unix-based OS's have historically allowed the super-user to write to any
 local file, unless other considerations kick in - physically
 write-protected media, read-only mounts, etc.
 
 Just as a test:
 
 Script started on Mon Jun  3 11:00:45 2002
 Setting up interactive shell params..
 [root@straylight:p9 /home/roam/tmp]# mkdir nettest
 [root@straylight:p9 /home/roam/tmp]# cd nettest
 [root@straylight:p9 /home/roam/tmp/nettest]# touch nettest
 [root@straylight:p9 /home/roam/tmp/nettest]# chmod 400 nettest
 [root@straylight:p9 /home/roam/tmp/nettest]# if [ -w nettest ]; then ls -l nettest; fi
 -r--------  1 root  users  0  3  11:00 nettest
 [root@straylight:p9 /home/roam/tmp/nettest]# echo unf > nettest
 [root@straylight:p9 /home/roam/tmp/nettest]# cat nettest
 unf
 [root@straylight:p9 /home/roam/tmp/nettest]# exit
 exit
 
 Script done on Mon Jun  3 11:01:15 2002
 
 As you can see, 'test -w' reported the file as writable, and then a
 write did, indeed, succeed.
 
 In my opinion, this PR may be closed, as 'test -w' only Does The Right
 Thing(tm) - the super-root *is* allowed to write to the file :)
 
 G'luck,
 Peter
 
 -- 
 Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
 PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
 Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
 When you are not looking at it, this sentence is in Spanish.
State-Changed-From-To: open->closed 
State-Changed-By: roam 
State-Changed-When: Mon Jun 3 02:57:35 PDT 2002 
State-Changed-Why:  
The submitter, in a private e-mail message, reported his satisfaction 
with the explanation that 'test -w' checks for actual access rights and 
not just file permissions. 

Still, thanks for your efforts towards improving FreeBSD by reporting 
what you considered a genuine problem! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=38818 
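
The distinction drawn in this PR, as an added example that is not part of the original report or follow-up: a script that must honour a read-only marking even when run as root has to inspect the mode bits itself, because 'test -w' reports effective access. The function names and the "should_write" policy are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: "can this process write?" versus "do the mode bits grant write?"

# has_mode_bit PATH OCTAL: true if every bit in OCTAL is set in PATH's mode.
# Uses POSIX find -perm, which behaves the same on FreeBSD and GNU userlands.
has_mode_bit() {
    case $1 in
        /*) hmb_path=$1 ;;
        *)  hmb_path=./$1 ;;   # keep a leading "-" from being read as an option
    esac
    [ -n "$(find "$hmb_path" -prune -perm "-$2" 2>/dev/null)" ]
}

# marked_writable PATH: true if the owner, group or other write bit is set.
marked_writable() {
    has_mode_bit "$1" 0200 || has_mode_bit "$1" 0020 || has_mode_bit "$1" 0002
}

# should_write PATH (hypothetical policy): the process can write AND the
# file is not marked read-only. For root, only the second half says anything
# about the owner's intent, because [ -w ] reflects effective access.
should_write() {
    [ -w "$1" ] && marked_writable "$1"
}

# Constructed demo: the chmod 400 case from the report.
demo_dir=$(mktemp -d) || exit 1
demo_file=$demo_dir/netsaintize
: > "$demo_file"
chmod 400 "$demo_file"
if [ -w "$demo_file" ]; then echo "test -w: writable by this process (uid $(id -u))"
else echo "test -w: not writable by this process (uid $(id -u))"; fi
if marked_writable "$demo_file"; then echo "mode bits: write bit set"
else echo "mode bits: no write bit set"; fi
if should_write "$demo_file"; then echo "policy: write"; else echo "policy: skip"; fi
rm -rf "$demo_dir"
```

Run as an unprivileged user, the first two lines of output agree; run as root, 'test -w' reports the file writable while the mode-bit check still reports it as marked read-only.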
>Unformatted:
