The Open Brand -- Problem Reporting and Interpretations System
Problem Report 0306 Details
This page provides all information on Problem Report 0306.
Problem Report Number: 0306
Submitter's Classification: Specification problem
State: Resolved
Resolution: Permanent Interpretation (PIN)
Problem Resolution ID: PIN.X.0022
Raised: 1994-03-17 08:00
Updated: 2003-03-13 08:00
Published: 1994-04-26 08:00
Product Standard: Internationalised System Calls and Libraries (XPG4)
Certification Program: The Open Brand certification program
Test Suite: VSX4 version 4.3.3
Test Identification: POSIX.os/files/chown 8,21
Specification: System Interfaces and Headers Issue 4
Location in Spec: See Problem Text
Problem Summary: PIN4.022 While participating in the Beta test phase of VSX+XNFS 4.3.3, an issue has been uncovered which we believe requires an interpretation. We reported this problem to the NFS support alias and they sugges...
Problem Text
While participating in the Beta test phase of VSX+XNFS 4.3.3, an issue has
been uncovered which we believe requires an interpretation. We reported
this problem to the NFS support alias and they suggested that this issue
be submitted for interpretation.
The problem here is in the interpretation of the following text from XSH4
for the chown() interface:
"Changing the group ID is permitted to a process with an effective
user ID equal to the user ID of the file, but without appropriate
privileges, if and only if owner is equal to the file's user ID or
(uid_t) -1 and group is equal either to the calling process'
effective group ID or to one of its supplementary group IDs."
and:
[EPERM] The effective user ID does not match the owner of
the file, or the calling process does not have the
appropriate privileges.
The issue is what constitutes an attempt to change the ownership of a file
and under what circumstances the EPERM error should be returned.
If the group ID passed to chown() is the same as the current group of the
file, i.e. there is no attempt to actually *change* the group, then should
chown() set errno to EPERM, or just return successfully without doing anything?
Our implementation sets errno to EPERM when the user does not have the
required privileges to change the user or group of the file. On the other
hand, the literal interpretation suggests that EPERM should not be returned.
There is also the case when uid or gid is -1. Should this be treated the
same way?
Also from the NFS_support alias response to our original Beta error report:
NOTE: XSH4 also says:
"Upon successful completion, the chown() function will mark for update the
st_ctime field of the file."
Should the ctime value be updated if the caller's args are really no
change to owner or group, but did not have permission to do so if they
had?
Test Output
************************************************************************
/tset/POSIX.os/files/chown/T.chown 8 Failed
Test Description:
When chown(path, .....) is granted search access to the path prefix of
path an EACCES error shall not occur.
Posix Ref: Component CHOWN Assertion 5.6.5.2-24(A)
Test Strategy:
VERIFY that process has suitable privileges
DETERMINE whether the use of chown is restricted using pathconf() with
_PC_CHOWN_RESTRICTED
DETERMINE whether the value of NGROUPS_MAX using sysconf() with
_SC_NGROUPS_MAX
DETERMINE whether chown() with appropriate privileges is permitted
from the environment variable VSX_PRIV_CHOWN_SUPP
CREATE directory with all permissions, but only search permission on
path prefix using do_access() - (tsetlib) and call function to do the
following:
CREATE file using crfile() - (genlib)
CLOSE file descriptor using close()
CHANGE the owner and group of the file using chown() with effective
group and user ids
VERIFY that chown() returned 0
OBTAIN file status information for file using stat()
VERIFY that the owner of the file is the effective user id and the
group of the file is the effective group
UNLINK file
DELETE files created by do_access() using cln_access() - (tsetlib)
Test Information:
chown(do_acc-no.d/do_acc-no.t/chown-t.8, 810, 84) failed - errno 1
(EPERM)
non-privileged process with effective uid = 810, gid = 79
owner/group of do_acc-no.d and do_acc-no.d/do_acc-no.t: 811/84
mode of do_acc-no.d: 01, mode of do_acc-no.d/do_acc-no.t: 07
chown(do_acc-au.d/do_acc-au.t/chown-t.8, 65534, 79) failed - errno 1
(EPERM)
non-privileged process with effective uid = 0, gid = 79
owner/group of do_acc-au.d and do_acc-au.d/do_acc-au.t: 0/79
mode of do_acc-au.d: 0100, mode of do_acc-au.d/do_acc-au.t: 0700
chown(do_acc-ao.d/do_acc-ao.t/chown-t.8, 65534, 84) failed - errno 1
(EPERM)
non-privileged process with effective uid = 0, gid = 79
owner/group of do_acc-ao.d and do_acc-ao.d/do_acc-ao.t: 811/84
mode of do_acc-ao.d: 01, mode of do_acc-ao.d/do_acc-ao.t: 07
************************************************************************
************************************************************************
/tset/POSIX.os/files/chown/T.chown 21 Unresolved
Test Description:
For the XNFS specification:
If the implementation supports the setting of the S_ISUID and
S_ISGID bits:
When a process with appropriate privileges calls chown() to
change the ownerships of a file on a remote file system and
the server maps the process's effective user ID and the call
is successful, then both the S_ISUID and S_ISGID bits in the
file's mode are cleared.
For the XSH specifcation:
Not in use.
Test Information:
chown(chown-t.21, 65534, 79) failed - errno 1 (EPERM)
************************************************************************
Review Information
Review Type: TSMA Review
Start Date: null
Completed: null
Status: Complete
Review Recommendation: No Resolution Given
Review Response
The tests are designed to ensure that correct traversal of the path is
accomplished without an EACCES error occurring. In an attempt to complete the
chown() call without raising an error condition, the arguments to chown() are
such that the ownership of the file would not be changed. It seems that the
implementation under test verifies the authorisation to make a change before
(or possibly without) checking that a real change is to be made.
This seems to be an issue of precedence and, as such, would not be addressed
by the XSH4 definitions. I would recommend that a system which indicates an
EPERM error in the case that no change is requested by a process which does
not have the correct privilege to make a change be granted a permanent
interpretation.
With regard to the ancillary issue of the setting of the ctime field, the
XSH4 definition states that this will be marked for update if the call to
chown() completes successfully and remains unchanged if an error indication
is produced. In the case that no change is made to the owner or group of
the file and the call completes successfully, this may not be what is intended.
Again I would recommend that a system which returns successfully after a
request to make no change to the group ownership of a file be granted a
permanent interpretation irrespective of whether the time stamps have been
updated.
Review Type: SA Review
Start Date: null
Completed: null
Status: Complete
Review Resolution: Permanent Interpretation (PIN)
Review Conclusion
A permanent interpretation is granted.
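
Because the interpretation lets an implementation return EPERM even when the requested owner and group equal the current ones, portable code cannot rely on a no-op chown() succeeding or on st_ctime staying put. The C helper below is an added example, not part of the problem report or the VSX4 suite; `chown_if_needed` and its return codes are hypothetical names, and it assumes the caller can open the file for reading.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { CHOWN_ERROR = -1, CHOWN_SKIPPED = 0, CHOWN_CHANGED = 1 };

/* Hypothetical helper: only call into the kernel when ownership would really
 * change. (uid_t)-1 / (gid_t)-1 mean "leave unchanged", as in chown(). The
 * descriptor ensures the file that was examined is the file that is changed. */
int chown_if_needed(const char *path, uid_t owner, gid_t group)
{
    struct stat st;
    int rc, saved;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return CHOWN_ERROR;
    if (fstat(fd, &st) != 0) {
        saved = errno;
        close(fd);
        errno = saved;
        return CHOWN_ERROR;
    }
    int same_owner = (owner == (uid_t)-1 || owner == st.st_uid);
    int same_group = (group == (gid_t)-1 || group == st.st_gid);
    if (same_owner && same_group) {
        close(fd);
        return CHOWN_SKIPPED;   /* no syscall: no EPERM, st_ctime untouched */
    }
    rc = fchown(fd, owner, group);
    saved = errno;              /* keep fchown's errno across close() */
    close(fd);
    errno = saved;
    return rc == 0 ? CHOWN_CHANGED : CHOWN_ERROR;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return 2;
    }
    int r = chown_if_needed(argv[1], (uid_t)-1, (gid_t)-1);
    printf("%s: %s\n", argv[1], r == CHOWN_SKIPPED ? "skipped" : "error");
    return r == CHOWN_ERROR;
}
```
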