kmx git

fchownat: fix security races and other bugs

This fixes some unlikely security races,
where our “no-op” chmod undid some other process’s chmod.
Ironically this bug occurred on OpenBSD, our most paranoid target.
This patch also fixes some EOVERFLOW bugs,
along with a performance bug and a CHOWN_CHANGE_TIME_BUG with fchownat.
* lib/chown.c, lib/fchownat.c, lib/lchown.c:
Remove unnecessary inconsistencies.
Include stat-time.h.
(CHOWN_CHANGE_TIME_BUG, CHOWN_FAILS_TO_HONOR_ID_OF_NEGATIVE_ONE)
(CHOWN_MODIFIES_SYMLINK, CHOWN_TRAILING_SLASH_BUG):
Default to 0, and prefer ‘if (...)’ to ‘#ifdef ...’.
(utimensat) [!HAVE_UTIMENSAT]: Default to a no-op.
(rpl_chown, rpl_fchownat, rpl_lchown):
Prefer ‘if (...)’ to ‘#ifdef ...’.
Statically, call the stat-like and chown-like functions just once.
Do not fail if the stat-like function fails with EOVERFLOW,
if existence is all we care about.
Use utimensat to update ctime, instead of a chmod-like function.
* lib/fchownat.c (rpl_fchownat): Defend against OpenBSD’s
CHOWN_CHANGE_TIME_BUG.  This bug in rpl_fchownat was exposed by
yesterday’s fix that caused rpl_fchownat to call fchownat instead
of using the tricky old fork/chdir business.
* m4/chown.m4 (gl_FUNC_CHOWN):
Check for utimensat if the ctime bug is present.
* modules/chown, modules/lchown, modules/fchownat:
(Depends-on): Add stat-time.
kc3-lang/gnulib/modules/lchown

Commit

modules/lchown
