Bug 151 - flaw in primary group handling - unable to FAM files in some directories
: flaw in primary group handling - unable to FAM files in some directories
Status: RESOLVED FIXED
Product: fam
Classification: Unclassified
Component: fam
: unspecified
: All
: normal
: ---
Assigned To: Michael Wardle
:
http://bugs.debian.org/cgi-bin/bugrep...
:
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2002-06-02 19:54 CDT by Michael Wardle
Modified: 2002-07-15 18:50 CDT (History)
0 users

See Also:


Attachments
differences between Cred.c++ from 2.6.6 to 2.6.8 - biggest part of the required fix (13.02 KB, patch)
2002-07-15 16:30 CDT, Michael Wardle
Details | Diff
differences between Cred module in 2.6.6 and 2.6.8 - should contain all required changes (15.08 KB, patch)
2002-07-15 16:50 CDT, Michael Wardle
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Wardle 2002-06-02 19:54:38 CDT
A problem we noticed recently in IRIX seems to be related to the bug referenced
at the above URL.

When trying to FAM a directory the user should be able to read because he/she
belongs to a group that has read and execute permissions on the directory, the
user only gets an Exists and EndExist event because the user is denied permission.

For instance, on this directory:
drwxr-x--- jim users /users/shared

logged in as "bob" who is a member or group "users".

Bob will only get a Exists and EndExist event, instead of events for every file
inside /users/shared.

If the FAM daemon is running in debug mode, we notice:
fam[xxxx]: can't chdir("/users/shared"): Permission denied
Comment 1 Michael Wardle 2002-06-02 19:55:14 CDT
I've merged the IRIX groups code that we've been working on.  This should fix
the problem.
Comment 2 Michael Wardle 2002-06-02 21:00:47 CDT
This bug also makes it possible to learn names of files in root's group in some
instances as follows:
----------------------------------------
# ls -ld /root
drwxr-x--- ... root root ... /root
# fam

% groups | grep root

ERRONEOUS BEHAVIOR
% ./test -d /root
FAMMonitorDirectory("/root")
FAMMonitorDirectory("/root")
DIR  /root:   /root Exists
DIR  /root:   .gnome Exists
DIR  /root:   Desktop Exists
...

CORRECT BEHAVIOR
% ./test -d /root
FAMMonitorDirectory("/root")
FAMMonitorDirectory("/root")
DIR  /root:   /root Exists
DIR  /root:   /root EndExist
---------------------------------------- 
(% indicates a command run as an unprivileged user)
Comment 3 Michael Wardle 2002-07-15 16:30:48 CDT
Created attachment 35 [details]
differences between Cred.c++ from 2.6.6 to 2.6.8 - biggest part of the required fix
Comment 4 Michael Wardle 2002-07-15 16:50:44 CDT
Created attachment 36 [details]
differences between Cred module in 2.6.6 and 2.6.8 - should contain all required changes