Kernel: Use real UID/GID when checking for file access

This aligns the rest of the system with POSIX, who says that access(2) must check against the real UID and GID, not effective ones.
Author: https://github.com/sin-ack Commit: fa692e13f9 Pull-request: https://github.com/SerenityOS/serenity/pull/15428 Reviewed-by: https://github.com/ADKaster ✅ Reviewed-by: https://github.com/AtkinsSJ Reviewed-by: https://github.com/BertalanD Reviewed-by: https://github.com/linusg Reviewed-by: https://github.com/timschumi
2025-12-08 06:09:58 +00:00 · 2022-10-01 12:03:46 +00:00 · 2022-10-01 12:03:46 +00:00 · fa692e13f9 · 2024-07-17 23:00:03 +09:00
commit fa692e13f9
parent 3472c84d14
3 changed files with 20 additions and 12 deletions
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@ -530,17 +530,17 @@ ErrorOr<void> VirtualFileSystem::access(Credentials const& credentials, StringVi
    auto& inode = custody->inode();
    auto metadata = inode.metadata();
    if (mode & R_OK) {
-        if (!metadata.may_read(credentials))
+        if (!metadata.may_read(credentials, UseEffectiveIDs::No))
            return EACCES;
    }
    if (mode & W_OK) {
-        if (!metadata.may_write(credentials))
+        if (!metadata.may_write(credentials, UseEffectiveIDs::No))
            return EACCES;
        if (custody->is_readonly())
            return EROFS;
    }
    if (mode & X_OK) {
-        if (!metadata.may_execute(credentials))
+        if (!metadata.may_execute(credentials, UseEffectiveIDs::No))
            return EACCES;
    }
    return {};