[nemo-filemanager] FileModel: use euidaccess() instead of access() to…

… check read permissions. JB#47766 access() returns a result based on the real uid/gid rather than the effective uid/gid. If the calling process has gid=nemo but egid=privileged then it is still able to read the listing of a privileged directory.
sailfishos · Apr 16, 2020 · 1d03d36 · 1d03d36
1 parent 1084494
commit 1d03d36
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/src/plugin/filemodel.cpp b/src/plugin/filemodel.cpp
@@ -59,11 +59,11 @@ enum {
     BaseNameRole
 };
 
-int access(QString fileName, int how)
+int euidaccess(QString fileName, int how)
 {
     QByteArray fab = fileName.toUtf8();
     char *fn = fab.data();
-    return ::access(fn, how);
+    return ::euidaccess(fn, how);
 }
 
 QVector<StatFileInfo> directoryEntries(const QDir &dir)
@@ -461,7 +461,7 @@ void FileModel::readAllEntries()
         return;
     }
 
-    if (access(dir.path(), R_OK) == -1) {
+    if (euidaccess(dir.path(), R_OK) == -1) {
         qmlInfo(this) << "No permissions to access " << dir.path();
         emit error(ErrorReadNoPermissions, dir.path());
         return;
@@ -488,7 +488,7 @@ void FileModel::refreshEntries()
             return;
         }
 
-        if (access(dir.path(), R_OK) == -1) {
+        if (euidaccess(dir.path(), R_OK) == -1) {
             clearModel();
             qmlInfo(this) << "No permissions to access " << dir.path();
             emit error(ErrorReadNoPermissions, dir.path());