git-compat-util: work around for access(X_OK) under root

On AIX, access(X_OK) may succeed when run as root even if the
execution isn't possible. This behavior is allowed by POSIX
which says:

  ... for a process with appropriate privileges, an implementation
  may indicate success for X_OK even if execute permission is not
  granted to any user.

It can lead hook programs to have their execution refused:

   git commit -m content
   fatal: cannot exec '.git/hooks/pre-commit': Permission denied

Add NEED_ACCESS_ROOT_HANDLER in order to use an access helper function.
It checks with stat if any executable flags is set when the current user
is root.

Signed-off-by: Clément Chigot <clement.chigot@atos.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Clément Chigot 2019-04-25 07:01:56 +00:00 committed by Junio C Hamano
parent ee662bf5c6
commit 400caafb2b
5 changed files with 52 additions and 2 deletions

View File

@ -439,6 +439,9 @@ all::
# #
# Define FILENO_IS_A_MACRO if fileno() is a macro, not a real function. # Define FILENO_IS_A_MACRO if fileno() is a macro, not a real function.
# #
# Define NEED_ACCESS_ROOT_HANDLER if access() under root may success for X_OK
# even if execution permission isn't granted for any user.
#
# Define PAGER_ENV to a SP separated VAR=VAL pairs to define # Define PAGER_ENV to a SP separated VAR=VAL pairs to define
# default environment variables to be passed when a pager is spawned, e.g. # default environment variables to be passed when a pager is spawned, e.g.
# #
@ -1815,6 +1818,11 @@ ifdef FILENO_IS_A_MACRO
COMPAT_OBJS += compat/fileno.o COMPAT_OBJS += compat/fileno.o
endif endif
ifdef NEED_ACCESS_ROOT_HANDLER
COMPAT_CFLAGS += -DNEED_ACCESS_ROOT_HANDLER
COMPAT_OBJS += compat/access.o
endif
ifeq ($(TCLTK_PATH),) ifeq ($(TCLTK_PATH),)
NO_TCLTK = NoThanks NO_TCLTK = NoThanks
endif endif

31
compat/access.c Normal file
View File

@ -0,0 +1,31 @@
#define COMPAT_CODE_ACCESS
#include "../git-compat-util.h"
/* Do the same thing access(2) does, but use the effective uid,
* and don't make the mistake of telling root that any file is
* executable. This version uses stat(2).
*/
int git_access(const char *path, int mode)
{
struct stat st;
/* do not interfere a normal user */
if (geteuid())
return access(path, mode);
if (stat(path, &st) < 0)
return -1;
/* Root can read or write any file. */
if (!(mode & X_OK))
return 0;
/* Root can execute any file that has any one of the execute
* bits set.
*/
if (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))
return 0;
errno = EACCES;
return -1;
}

View File

@ -1,4 +1,4 @@
#define COMPAT_CODE #define COMPAT_CODE_FILENO
#include "../git-compat-util.h" #include "../git-compat-util.h"
int git_fileno(FILE *stream) int git_fileno(FILE *stream)

View File

@ -270,6 +270,7 @@ ifeq ($(uname_S),AIX)
NEEDS_LIBICONV = YesPlease NEEDS_LIBICONV = YesPlease
BASIC_CFLAGS += -D_LARGE_FILES BASIC_CFLAGS += -D_LARGE_FILES
FILENO_IS_A_MACRO = UnfortunatelyYes FILENO_IS_A_MACRO = UnfortunatelyYes
NEED_ACCESS_ROOT_HANDLER = UnfortunatelyYes
ifeq ($(shell expr "$(uname_V)" : '[1234]'),1) ifeq ($(shell expr "$(uname_V)" : '[1234]'),1)
NO_PTHREADS = YesPlease NO_PTHREADS = YesPlease
else else

View File

@ -1236,12 +1236,22 @@ struct tm *git_gmtime_r(const time_t *, struct tm *);
#ifdef FILENO_IS_A_MACRO #ifdef FILENO_IS_A_MACRO
int git_fileno(FILE *stream); int git_fileno(FILE *stream);
# ifndef COMPAT_CODE # ifndef COMPAT_CODE_FILENO
# undef fileno # undef fileno
# define fileno(p) git_fileno(p) # define fileno(p) git_fileno(p)
# endif # endif
#endif #endif
#ifdef NEED_ACCESS_ROOT_HANDLER
int git_access(const char *path, int mode);
# ifndef COMPAT_CODE_ACCESS
# ifdef access
# undef access
# endif
# define access(path, mode) git_access(path, mode)
# endif
#endif
/* /*
* Our code often opens a path to an optional file, to work on its * Our code often opens a path to an optional file, to work on its
* contents when we can successfully open it. We can ignore a failure * contents when we can successfully open it. We can ignore a failure