From: Dmitry V. L. <ld...@al...> - 2009-09-17 22:59:27
|
>From one side, access(2) is not reliable by definition. According to specification, access(2) uses process's real UID and GID instead of effective IDs, and it ignores process capabilities. Consequently, privileged process with unprivileged real IDs should not use access(2) to check its access to files. >From another side, the access(2) directory check looks redundant because the directory is opened right below using opendir(3). --- I checked the source to ensure that FT_NOOPEN is handled the same way as FT_NOACCESS, so this change should not break things due to changes in code paths. bacula/src/findlib/find_one.c | 18 ------------------ 1 files changed, 0 insertions(+), 18 deletions(-) diff --git a/bacula/src/findlib/find_one.c b/bacula/src/findlib/find_one.c index 36cfa6c..2e63855 100644 --- a/bacula/src/findlib/find_one.c +++ b/bacula/src/findlib/find_one.c @@ -559,24 +559,6 @@ find_one_file(JCR *jcr, FF_PKT *ff_pkt, bool volhas_attrlist = ff_pkt->volhas_attrlist; /* Remember this if we recurse */ /* - * If we are using Win32 (non-portable) backup API, don't check - * access as everything is more complicated, and - * in principle, we should be able to access everything. - */ - if (!have_win32_api() || (ff_pkt->flags & FO_PORTABLE)) { - if (access(fname, R_OK) == -1 && geteuid() != 0) { - /* Could not access() directory */ - ff_pkt->type = FT_NOACCESS; - ff_pkt->ff_errno = errno; - rtn_stat = handle_file(jcr, ff_pkt, top_level); - if (ff_pkt->linked) { - ff_pkt->linked->FileIndex = ff_pkt->FileIndex; - } - return rtn_stat; - } - } - - /* * Ignore this directory and everything below if the file .nobackup * (or what is defined for IgnoreDir in this fileset) exists */ -- 1.6.4.4 -- ldv |