https://bugs.exim.org/show_bug.cgi?id=2995
Bug ID: 2995
Summary: dsearch should only require search permission
Product: Exim
Version: 4.97
Hardware: x86
OS: All
Status: NEW
Severity: bug
Priority: medium
Component: Filters
Assignee: unallocated@???
Reporter: earl_chew@???
CC: exim-dev@???
Created attachment 1443
-->
https://bugs.exim.org/attachment.cgi?id=1443&action=edit
Use stat() rather than opendir()
This issue was also reported in
https://bugs.exim.org/show_bug.cgi?id=2916 and
addressed along with other issues.
The comment in the implementation states:
> We open the directory to test whether it exists and whether it is searchable.
Using opendir() only requires that the directory is readable, and does not
verify that the directory is searchable.
Since the function should at least check existence (as stated in the comment),
this fix proposes to use stat() to:
* Verify that the name refers to a directory, or a symlink that resolves to a
directory
* Verify that the directory is searchable by referring to the directory via its
dot entry
Note that this proposed patch does not address the problem that the name is
removed, changed, or otherwise altered, after the check completes.
--
You are receiving this mail because:
You are on the CC list for the bug.
