Subject: Re: standards/19209: test(1)'s -r, -w, and -x don't match POSIX for root (or 4.4BSD, or even V7)
To: David Laight <david@l8s.co.uk>
From: Greg A. Woods <woods@weird.com>
List: netbsd-bugs
Date: 11/30/2002 16:26:19
[ On Saturday, November 30, 2002 at 09:06:36 (+0000), David Laight wrote: ]
> Subject: Re: standards/19209: test(1)'s -r, -w, and -x don't match POSIX for root (or 4.4BSD, or even V7)
>
> > + #if defined(SHELL)
> > + extern void * ckmalloc(size_t);
> > + #else
> 
> Bung that in bltin.h

Go for it!  ;-)  (if you do you'll see it's not quite that simple)

(FYI the changes for -DSHELL are in the style of previous changes, not
in the ideal way I would have done them -- in the end they are
reasonably unobtrusive while still being viable.)

> > + static void * ckmalloc(size_t);
> 
> Not needed for static function

Tell that to the compiler -- i.e. to GCC in particular, and more
specifically the version used by various NetBSDs, not me.  If I were to
rule on this I'd say prototypes are not necessary or even allowed:  use
lint!  (C prototypes are a bad implementation of a poorly conceived idea
that does not have the desired effect unless it's so stringently forced
that people baulk at it in the way you have.  In the meanwhile the
standard parameter promotion rules of traditional C are violated and old
code cannot just be recompiled with new compilers.  But that's a whole
other debate... :-)

> > + static void *
> > + ckmalloc(size_t nbytes)
> > + {
> > + 	void *p = malloc(nbytes);
> > + 
> > + 	if (!p)
> > + 		error("Not enough memory!");
> > + 	return p;
> > + }
> > + #endif
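
Review bot: in ckmalloc(), the `return p;` that follows `if (!p) error(...)` hands a NULL pointer back to the caller unless error() never returns. State that in a comment above the function, or exit explicitly after the call, so the stand-alone fallback visibly fails the same way as the extern ckmalloc() used under `#if defined(SHELL)`. Including nbytes in the "Not enough memory!" message would also make the failure easier to diagnose.
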
> 
> It would be traditional to let the test program core dump
> if malloc fails!

Hah.  You're no help!   ;-)

(what's most important here though is to be compatible with use in
/bin/sh as a built-in function, and if my login shell dies a horrible
death when I run it out of memory, instead of just reporting an error
and giving me my prompt back, all because you deem error checking
unnecessary, then you're in very big trouble!  :-))

> So bltin.h should probably #define malloc chmalloc, although
> making it use the shell's 'stack' memory allocator might save
> memory leaks...

"Not my concern."  This is test/test.c, not sh/bltin/test.c after all.
It seems the rule for this program is to only cater as much as necessary
to the APIs used by src/bin/sh/* so that this code can be shared as a
built-in function for /bin/sh.

> > + 	euid = geteuid();
> > + 	if (euid == 0)
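
Review bot: the `if (euid == 0)` test encodes the privilege check as a bare literal with no explanation. Add a comment at that line saying that effective uid 0 is this implementation's definition of appropriate privileges and that the branch exists because root's -r/-w/-x answers are computed differently, so a later cleanup does not fold it back into a plain access() call.
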
> 
> I don't think userspace ought to be checking for 'appropriate
> privileges' by checking uid == 0.  It is currently true for
> netbsd but isn't portably true.

Huh!?!?!?  We _are_ talking specifically and only about the NetBSD
implementation of 'test' here, not some portable one.  POSIX explicitly
allows the implementation to define how "privilege" is tested.  In UNIX
this has always been done, in both userland and in the kernel, by
testing for euid==0 -- there is no other possible way in unix since
there is no other definition of "privilege".

> I haven't considered what 'test -r/w/x' should return!

I have -- that was the _entire_ point here after all.

> access() certainly 'does what you want' for -x.

"does NOT" -- especially not for root.  (and _never_ did -- which is, I
believe, the entire point behind the wording in 1003.2-1992, though the
rationale is "incomplete" and does not explain this difference with the
original SVID Issue #1)

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
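
The root case argued over in this thread, as an added example (not code from the patch or from NetBSD; `mode_grants` and `path_grants` are hypothetical names): POSIX permits access(2) to report X_OK success for a privileged process even when the file has no execute bits, so this sketch answers -r/-w/-x from the mode bits and only treats a file as executable by euid 0 when at least one x bit is set.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example with hypothetical helper names; not the patch's code.
 * want is exactly one of R_OK, W_OK, X_OK; returns 1 if granted, else 0.
 * Simplified: supplementary groups, ACLs, read-only mounts are ignored. */
int
mode_grants(mode_t mode, uid_t owner, gid_t group, uid_t euid, gid_t egid, int want)
{
	mode_t need;

	if (euid == 0) {
		if (want != X_OK)
			return 1;	/* privileged: read and write always granted */
		if (S_ISDIR(mode))
			return 1;	/* so is directory search */
		/* Executing a file needs at least one x bit, even for root. */
		return (mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
	}
	/* Unprivileged: exactly one class (owner, group or other) applies. */
	need = (want == R_OK) ? S_IROTH : (want == W_OK) ? S_IWOTH : S_IXOTH;
	if (euid == owner)
		need <<= 6;
	else if (egid == group)
		need <<= 3;
	return (mode & need) != 0;
}

/* Answer for a real path, using the caller's effective IDs. */
int
path_grants(const char *path, int want)
{
	struct stat sb;

	if (stat(path, &sb) != 0)
		return 0;
	return mode_grants(sb.st_mode, sb.st_uid, sb.st_gid,
	    geteuid(), getegid(), want);
}

int
main(int argc, char **argv)
{
	if (argc > 1)
		printf("-x %s: %d\n", argv[1], path_grants(argv[1], X_OK));
	return 0;
}
```

Running the program as root against a mode 0644 file prints 0 for -x, which is the answer a script guarding an exec with `test -x` needs.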