git-compat-util: work around for access(X_OK) under root

On AIX, access(X_OK) may succeed when run as root even if the execution isn't possible. This behavior is allowed by POSIX which says: ... for a process with appropriate privileges, an implementation may indicate success for X_OK even if execute permission is not granted to any user. It can lead hook programs to have their execution refused: git commit -m content fatal: cannot exec '.git/hooks/pre-commit': Permission denied Add NEED_ACCESS_ROOT_HANDLER in order to use an access helper function. It checks with stat if any executable flags is set when the current user is root. Signed-off-by: Clément Chigot <clement.chigot@atos.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
6 years ago · 400caafb2b
5 changed files with 52 additions and 2 deletions
--- a/8
+++ b/8
@ -439,6 +439,9 @@ all::
 #
 # Define FILENO_IS_A_MACRO if fileno() is a macro, not a real function.
 #
 # Define NEED_ACCESS_ROOT_HANDLER if access() under root may success for X_OK
 # even if execution permission isn't granted for any user.
 #
 # Define PAGER_ENV to a SP separated VAR=VAL pairs to define
 # default environment variables to be passed when a pager is spawned, e.g.
 #
@ -1815,6 +1818,11 @@ ifdef FILENO_IS_A_MACRO
 	COMPAT_OBJS += compat/fileno.o
 endif
 ifdef NEED_ACCESS_ROOT_HANDLER
 	COMPAT_CFLAGS += -DNEED_ACCESS_ROOT_HANDLER
 	COMPAT_OBJS += compat/access.o
 endif
 ifeq ($(TCLTK_PATH),)
 NO_TCLTK = NoThanks
 endif
--- a/compat/access.c
+++ b/compat/access.c
@ -0,0 +1,31 @@
 #define COMPAT_CODE_ACCESS
 #include "../git-compat-util.h"
 /* Do the same thing access(2) does, but use the effective uid,
 * and don't make the mistake of telling root that any file is
 * executable.  This version uses stat(2).
 */
 int git_access(const char *path, int mode)
 {
 	struct stat st;
 	/* do not interfere a normal user */
 	if (geteuid())
 		return access(path, mode);
 	if (stat(path, &st) < 0)
 		return -1;
 	/* Root can read or write any file. */
 	if (!(mode & X_OK))
 		return 0;
 	/* Root can execute any file that has any one of the execute
 	 * bits set.
 	 */
 	if (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))
 		return 0;
 	errno = EACCES;
 	return -1;
 }
--- a/compat/fileno.c
+++ b/compat/fileno.c
@ -1,4 +1,4 @@
-#define COMPAT_CODE
+#define COMPAT_CODE_FILENO
 #include "../git-compat-util.h"
 int git_fileno(FILE *stream)
--- a/config.mak.uname
+++ b/config.mak.uname
@ -270,6 +270,7 @@ ifeq ($(uname_S),AIX)
 	NEEDS_LIBICONV = YesPlease
 	BASIC_CFLAGS += -D_LARGE_FILES
 	FILENO_IS_A_MACRO = UnfortunatelyYes
 	NEED_ACCESS_ROOT_HANDLER = UnfortunatelyYes
 	ifeq ($(shell expr "$(uname_V)" : '[1234]'),1)
 		NO_PTHREADS = YesPlease
 	else
--- a/git-compat-util.h
+++ b/git-compat-util.h
@ -1236,12 +1236,22 @@ struct tm *git_gmtime_r(const time_t *, struct tm *);
 #ifdef FILENO_IS_A_MACRO
 int git_fileno(FILE *stream);
-# ifndef COMPAT_CODE
+# ifndef COMPAT_CODE_FILENO
 #  undef fileno
 #  define fileno(p) git_fileno(p)
 # endif
 #endif
 #ifdef NEED_ACCESS_ROOT_HANDLER
 int git_access(const char *path, int mode);
 # ifndef COMPAT_CODE_ACCESS
 #  ifdef access
 #  undef access
 #  endif
 #  define access(path, mode) git_access(path, mode)
 # endif
 #endif
 /*
 * Our code often opens a path to an optional file, to work on its
 * contents when we can successfully open it.  We can ignore a failure