[exim-dev] [Bug 2995] New: dsearch should only require searc…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2995] New: dsearch should only require search permission
https://bugs.exim.org/show_bug.cgi?id=2995

            Bug ID: 2995
           Summary: dsearch should only require search permission
           Product: Exim
           Version: 4.97
          Hardware: x86
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Filters
          Assignee: unallocated@???
          Reporter: earl_chew@???
                CC: exim-dev@???


Created attachment 1443
--> https://bugs.exim.org/attachment.cgi?id=1443&action=edit
Use stat() rather than opendir()

This issue was also reported in https://bugs.exim.org/show_bug.cgi?id=2916 and
addressed along with other issues.

The comment in the implementation states:

> We open the directory to test whether it exists and whether it is searchable.


Using opendir() only requires that the directory is readable, and does not
verify that the directory is searchable.

Since the function should at least check existence (as stated in the comment),
this fix proposes to use stat() to:

* Verify that the name refers to a directory, or a symlink that resolves to a
directory
* Verify that the directory is searchable by referring to the directory via its
dot entry

Note that this proposed patch does not address the problem that the name is
removed, changed, or otherwise altered, after the check completes.

--
You are receiving this mail because:
You are on the CC list for the bug.