develooper Front page | perl.vmsperl | Postings from January 2002

Re: Privileges won't let me "opendir"?

Thread Previous | Thread Next
Craig A. Berry
January 30, 2002 13:30
Re: Privileges won't let me "opendir"?
Message ID:
At 02:06 PM 1/30/2002 -0500, Dan Sugalski wrote:
>At 11:55 AM -0600 1/30/02, Craig A. Berry wrote:
>>So there may well be 2 bugs here, one related to getting the wrong error
>>when we don't have privileges and one related to not getting access when we
>>do have privs.  It appears not to be opendir per se, but the access checking
>>routine, this based on the fact that the directory is not considered
>>readable even when BYPASS is enabled:
>I think it's stat()'s fault. 

Hmm.  If I don't have privs to read the directory, then stat() tells me it 
is not a directory.  So, yes, that appears to be a problem with stat().  
Perhaps in Perl_opendir() we should check access first and only attempt to 
determine if it's a directory after that.

If I do have privs to read the directory but only because I have SETPRV and 
have enabled BYPASS, then sys$check_access in cando_by_name() returns 
SS$_NOPRIV.  It probably just uses the default priv mask in the UAF and 
doesn't look at the current process privs.  I believe what needs to happen 
here is a call to sys$getjpiw to get the current process privs, then a call 
to sys$create_user_profile to create a user profile with those privs, and 
*then* a call to sys$check_access with the user profile rather than just the 
user name as we are currently doing.  Sigh.  Meanwhile bleadperl is not 
building because someone "improved" the Makefile.PL for Encode.

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About