Re: [PATCH] Allow globbing with unreadable parent directories

zsh-workers
 help / color / mirror / code / Atom feed

From: Bart Schaefer <schaefer@brasslantern.com>
To: Devin Hussey <husseydevin@gmail.com>
Cc: "zsh-workers@zsh.org" <zsh-workers@zsh.org>
Subject: Re: [PATCH] Allow globbing with unreadable parent directories
Date: Wed, 13 Jan 2021 20:04:06 -0800	[thread overview]
Message-ID: <CAH+w=7aoaGhVCqZQ6K+z0HqJg3agOav6bh6M_9pg464aAC+htQ@mail.gmail.com> (raw)
In-Reply-To: <CAEtFKssJVz9mr3vA_vY77m2bsrXWBKHz1qgv83jzeY0jLXzPjQ@mail.gmail.com>

On Wed, Jan 13, 2021 at 4:28 PM Devin Hussey <husseydevin@gmail.com> wrote:
>
> On Wed, Jan 13, 2021, 5:28 PM Bart Schaefer <schaefer@brasslantern.com> wrote:
>>
>> On Tue, Jan 12, 2021 at 7:04 PM Devin Hussey <husseydevin@gmail.com> wrote:
>> >
>> > POSIX specifies that when globbing, parent directories only have to be
>> > searchable, not readable.
>>
>> Lack of search permission only means that you can't tell what kind of
>> file "somefile" is (you can't read its inode data, e.g., stat() it),
>> not that you can't see the name itself.
>
> This matches the behavior of the "pure" globber, POSIX, and literally every other shell.

I tried the same test cases with "bash" and it behaved like
(unpatched) zsh.  Again, can you show me a counter-example?

> Case insensitivity should not change the output due to file permissions.

If that were a property of the filesystem, as for example on MacOS,
then I agree with you.

It's less clear when the filesystem is case-sensitive.  Why should
(#i)file not be the same as [Ff][Ii][Ll][Ee] ?

> opendir(fn) will also fail if the "folder" is a file.

Sure, but so might access(R_OK) ... and access(X_OK) might succeed on a file.

>> As far as I can tell, the patch
>> would only cause globbing to fail in more cases, not succeed where it
>> previously did not.
>
> No, that is definitely not the case.
>
> opendir() would fail if either R_OK or X_OK was false, causing unreadable folders to be a false negative.

I don't think that's true.  opendir() is fine with only R_OK.  Again,
try "ls" on a directory having mode 444.

What you cannot do is "ls -l parent/child" when parent is not searchable.

The actual problem is that PAT_PURES is never true when NO_CASE_GLOB
is set.  That means scanner() always passes through the branch that
attempts zreaddir()+pattry(), which fails when there is an unreadable
directory.  I'm not immediately sure how to fix that without
introducing a bug/vulnerability where a filename could be constructed
such that it literally matches the internal representation of a glob
pattern.

next prev parent reply	other threads:[~2021-01-14  4:04 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-13  3:04 Devin Hussey
2021-01-13 22:27 ` Bart Schaefer
2021-01-14  0:27   ` Devin Hussey
2021-01-14  1:32     ` Lawrence Velázquez
2021-01-14  2:22       ` Devin Hussey
2021-01-14  2:24         ` Devin Hussey
2021-01-17 17:22       ` Daniel Shahaf
2021-01-17 18:02         ` Bart Schaefer
2021-01-17 18:23           ` Bart Schaefer
2021-01-14  4:04     ` Bart Schaefer [this message]
2021-01-14  5:57       ` NO_CASE_GLOB and unreadable directories (Episode VI: A New Hope) Bart Schaefer
2021-01-14 18:56         ` Bart Schaefer
2021-01-25  0:52         ` Bart Schaefer
2021-01-25 14:05           ` Peter Stephenson
2021-02-05  5:53             ` Bart Schaefer
2021-02-06 12:31               ` Daniel Shahaf
2021-03-27 17:31           ` Lawrence Velázquez
2021-04-10 20:56             ` Lawrence Velázquez
2021-04-10 21:22               ` Bart Schaefer
2021-04-13 11:46                 ` Daniel Shahaf
2021-04-13 21:33                   ` Bart Schaefer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAH+w=7aoaGhVCqZQ6K+z0HqJg3agOav6bh6M_9pg464aAC+htQ@mail.gmail.com' \
    --to=schaefer@brasslantern.com \
    --cc=husseydevin@gmail.com \
    --cc=zsh-workers@zsh.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/zsh/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).