Description of problem: I wrap a Python CGI with a setuid wrapper written in C. When executing this program on my Fedora Core 2 workstation, os.access(<filename>, os.W_OK) returns 0 (i.e. "not accessible") for a file that *is* writable by the owner of the CGI, i.e. the user to which the effective UID has been set. os.geteuid correctly returns the effective UID of the CGI owner, but os.access apparently looks elsewhere for that value, although its documentation claims: access( path, mode) Use the real uid/gid to test for access to path. Note that most operations will use the effective uid/gid, therefore this routine can be used in a suid/sgid environment to test if the invoking user has the specified access to path. (http://docs.python.org/lib/os-file-dir.html) Note that "man 2 access," which documents the system call os.access uses, also claims to be using the real uid/gid, but it never claims to use the effective uid/gid or be usable in a setuid environment (except for determining whether the invoking user would have access to a file that the effective user has access to). This may not be a bug, since os.access only claims to use the effective UID most of the time, but if not it's at least worthy of documentation in release notes. Note that the script I'm writing on my Fedora workstation gets published to a FreeBSD 4.8-STABLE server also running Python 2.3.3 on which this problem does not occur. Version-Release number of selected component (if applicable): Fedora Core 2, Python 2.3.3 How reproducible: Happens every time.
will have a look.
Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match.