unix: check correct group in Faccessat

The Faccessat call checks the user, group, or other permission bits of a file to see if the calling process can access it. The test to see if the group permissions should be used was made with the wrong group id, using the process's group id rather than the file's group id. Fix this to use the correct group id. This change only affects Linux versions prior to 5.8. Linux 5.8 added the faccessat2 system call, which we use in preference to the internal implementation. No test since we cannot easily change file permissions when not running as root and the test is meaningless if running as root. For golang/go#52313 Change-Id: I6fa64379a50c9380207eab9d095ef7fbd05a2d59 Reviewed-on: https://go-review.googlesource.com/c/sys/+/400074 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com>
golang · Apr 12, 2022 · 33da011 · 33da011
1 parent 889880a
commit 33da011
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/unix/syscall_linux.go b/unix/syscall_linux.go
@@ -2189,7 +2189,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 			gid = Getgid()
 		}
 
-		if uint32(gid) == st.Gid || isGroupMember(gid) {
+		if uint32(gid) == st.Gid || isGroupMember(int(st.Gid)) {
 			fmode = (st.Mode >> 3) & 7
 		} else {
 			fmode = st.Mode & 7