Date: Sun, 2 Dec 2007 20:40:15 -0800 From: "Jonathan Leffler" <jonathan.leffler@gmail.com> Message-ID: <844b8e1c0712022040v687119f2i4a2dc32f8fcb19d5@mail.gmail.com> | The only reason I've thought of for why access() would fail where open() | might succeed is in a programming running with setuid (or setgid) | privileges, where access() would check the permissions using the real UID | (and GID) but open would be controlled by the effective UID (and GID). | However, it seems incorrect to prevent a setuid or setgid program from | working like that -- maybe the reason the program is setuid or setgid is to | permit it to access the time zone files. No, that's exactly why it is like that - remember the time zone files can be located from a user controlled environment variable, which can end up aimed at any file at all - including files that the user should not have permission to read. Many suid programs use localtime() functions, any of them could be made to read any file if that verification of permission were not present. As for the last part - anyone stupid enough to install the timezone data in such a way that it needs enhanced privileges to read deserves to have the programs all fail - there's no rationale whatever for protecting public information from access by everyone. kre