[Discuss] really odd GCC bug? under Ubuntu

Derek Martin invalid at pizzashack.org
Mon May 13 15:45:15 EDT 2013


On Sat, May 11, 2013 at 01:50:39PM -0400, Richard Pieri wrote:
> Bill Bogstad wrote:
> > # chmod 0 /usr/local
> 
> Yeah, that doesn't do what you think it does.  It makes /usr/local
> unreadable but it doesn't make /usr/local/bin unreadable. 

HUH?  Yes, it does.  chmod 0 = chmod 0000.  No permissions to that
directory or anything under it.  You can't get past that unless you're
root (or equivalent), no matter what the permissions of things under
that are.  Even if you own the directory (unless of course you change
the permissions).

> It's the way that execute and read permissions on directories interact.

No, it isn't... not if the perms are 0.

You're confusing this with making a directory executable, but not
readable, and/or making a file executable, but not readable.  In the
former case, you can execute programs in the directory, and you can cd
into it, but you can not list the contents of it.  In the latter case,
you can execute binary programs, but not scripts (which require read
access as the interpreter--which runs with the user's permissions, not
the kernel's--must read them).  You can not open such a file for
read.  Conversely, the case of read but not execute is obvious for
files, and for dirs you can list the contents of the dir but not cd
into it or execute files in it.

If perms of 0 did not restrict ALL access to a directory and
everything under it, then securing a unix file system would be
exceedingly tedious and error prone.  It behaves this way, because it
MUST, practically speaking.

> Things get weird if you remove one but not the other from a directory.

No, they don't.  The behavior (though a bit esoteric) is
well-documented and consistent across POSIX-compliant Unix flavors,
and to the best of my knowledge has not changed in at least 20 years,
and AFAIK ever, possibly excepting non-compliant oddball Unix
variants.

> When you remove both, well, behavior isn't consistent across different
> Unixes and Linux kernels. 

Yes, it is.  You will get EACCES (permission denied).  On every
version of Linux, and every Unix that complies with POSIX.  And AFAIK,
every mainstream version of Unix that existed before that.  

It's possible some of the subtle details (like whether or not you can
stat() a file in a directory, depending on whether r or x is set on
the directory) have changed (though I don't believe so, I believe
execute has always been required for stat()), but in practice those
details are not relevant to this discussion, except perhaps for those
interested in historical trivia.  They don't affect any of the
behavior I described above.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.
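
The three directory cases described in the message above (mode 0, execute-only, read-only), as an added example that is not part of the original post. The scratch directory is a constructed stand-in for /usr/local, the function names are hypothetical, and it assumes an unprivileged user, since root bypasses these checks:

```python
import errno
import os
import shutil
import tempfile

def _attempt(fn):
    """Run fn(); return 'ok' or the errno name such as 'EACCES'."""
    try:
        fn()
        return "ok"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))

def _read(path):
    with open(path) as f:
        f.read()

def probe(mode):
    """Apply `mode` to a scratch directory and report access beneath it."""
    top = tempfile.mkdtemp()              # constructed stand-in for /usr/local
    sub = os.path.join(top, "bin")        # stand-in for /usr/local/bin
    tool = os.path.join(sub, "tool")
    os.mkdir(sub)
    with open(tool, "w") as f:
        f.write("#!/bin/sh\n")
    try:
        os.chmod(top, mode)
        return {
            "list_dir": _attempt(lambda: os.listdir(top)),     # needs r on top
            "stat_subdir": _attempt(lambda: os.stat(sub)),     # needs x on top
            "read_file_below": _attempt(lambda: _read(tool)),  # needs x on top
        }
    finally:
        os.chmod(top, 0o700)              # restore so cleanup can traverse
        shutil.rmtree(top)

if __name__ == "__main__":
    # Run as an unprivileged user; root bypasses these checks.
    for mode in (0o000, 0o100, 0o400):
        print(f"{mode:04o}", probe(mode))
```

The permissions of the subdirectory and the file never change between runs; only the mode of the top directory does.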
