[DragonFlyBSD - Bug #2817] (New) Permission checking for utimes(2) and friends are not properly honoured

bugtracker-admin at leaf.dragonflybsd.org bugtracker-admin at leaf.dragonflybsd.org
Thu May 21 07:59:19 PDT 2015


Issue #2817 has been reported by stateless.

----------------------------------------
Bug #2817: Permission checking for utimes(2) and friends are not properly honoured
http://bugs.dragonflybsd.org/issues/2817

* Author: stateless
* Status: New
* Priority: Normal
* Assignee: 
* Category: Kernel
* Target version: 
----------------------------------------
Changing the access and modification times of a file to anything other than
the current time can only be done by the owner of the file or the super-user as per
POSIX.

At present it is possible to do so just by having write access to the file.

A simple example follows:

touch foo; chown root:user foo; chmod 664 foo; touch -t 200805101024 foo

The last operation should normally fail.

I noticed this as part of my work on adding support for utimensat().  I believe
the fix can be consolidated outside of the implementation of the utimes/utimensat
system calls.




-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account



More information about the Bugs mailing list