chris.umcp-cs@UDel-Relay (04/08/83)
From: Chris Torek <chris.umcp-cs@UDel-Relay> Emacs does not work correctly with setuid and setgid programs. Specifically, if a setuid or setgid program runs Emacs, and the Emacs user tries to read or write a file that is readable or writable by the setuid user (or setgid group), Emacs thinks that it cannot access the file, when, in fact, it can. This is because it uses the "access" system call, which is designed for programs that want to check the real user's permissions (i.e. setuid programs). This came up here when we wrote a setgid shell script to edit a file with locking, ala vipw. We took write permission off except for owner and group, and made a special group for the file and shell script. Running the shell script brings up your favorite editor on the file. Vi complains that the file is read-only, but given a ":w!" command writes the file. Emacs refused to write the file at all. Here is a new version of access(), as user-level code, which checks permissions based on the effective user/group IDs. access.c: /* User-mode version of access system call with one change: checks for effective user/group ID permission */ #include <sys/types.h> #include <sys/stat.h> #include <errno.h> extern errno; access (name, mode) char *name; register mode; { struct stat st; register uid, m; if (stat (name, &st)) return -1; /* File does not exist */ uid = geteuid (); if (uid == 0 || mode == 0) return 0; /* su, or just checking existence */ m = 0; if (mode & 1) m |= S_IEXEC; if (mode & 2) m |= S_IWRITE; if (mode & 4) m |= S_IREAD; if (st.st_uid != uid) { m >>= 3; if (st.st_gid != getegid ()) m >>= 3; } if ((st.st_mode & m) != m) { errno = EACCES; return -1; } return 0; }