libsandbox: skip checking access() without W_OK or R_OK mode

If access/faccessat is called with F_OK or X_OK in the mode argument, there is no need to check the path. Bug: https://bugs.gentoo.org/910273 Signed-off-by: Mike Gilbert <floppym@gentoo.org>
author: Mike Gilbert <floppym@gentoo.org> 2023-07-17 10:55:27 -0400
committer: Mike Gilbert <floppym@gentoo.org> 2023-08-03 15:12:42 -0400
commit: 8d6a4839ebd909903691e4a71d6a94b3809adc82 (patch)
tree: 0b91e47dda8fcf34c1a91a9d8794d06b1a1282f7
parent: libsandbox: always permit access to '/memfd:' (diff)
download: sandbox-8d6a4839ebd909903691e4a71d6a94b3809adc82.tar.gz
sandbox-8d6a4839ebd909903691e4a71d6a94b3809adc82.tar.bz2
sandbox-8d6a4839ebd909903691e4a71d6a94b3809adc82.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index e5f6d38..08b85ce 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -1095,8 +1095,11 @@ bool before_syscall_access(int dirfd, int sb_nr, const char *func, const char *f
 	const char *ext_func;
 	if (flags & W_OK)
 		sb_nr = SB_NR_ACCESS_WR, ext_func = "access_wr";
-	else
+	else if (flags & R_OK)
 		sb_nr = SB_NR_ACCESS_RD, ext_func = "access_rd";
+	else
+		/* Must be F_OK or X_OK; we do not need to check either. */
+		return true;
 	return before_syscall(dirfd, sb_nr, ext_func, file, flags);
 }
author	Mike Gilbert <floppym@gentoo.org>	2023-07-17 10:55:27 -0400
committer	Mike Gilbert <floppym@gentoo.org>	2023-08-03 15:12:42 -0400
commit	8d6a4839ebd909903691e4a71d6a94b3809adc82 (patch)
tree	0b91e47dda8fcf34c1a91a9d8794d06b1a1282f7
parent	libsandbox: always permit access to '/memfd:' (diff)
download	sandbox-8d6a4839ebd909903691e4a71d6a94b3809adc82.tar.gz sandbox-8d6a4839ebd909903691e4a71d6a94b3809adc82.tar.bz2 sandbox-8d6a4839ebd909903691e4a71d6a94b3809adc82.zip