RT1369: don't do "helpful" access check.

Don't do access check on destination directory; it breaks when euid/egid is different from real uid/gid. Reviewed-by: Richard Levitte <levitte@openssl.org> Signed-off-by: Rich Salz <rsalz@akamai.com>
2015-05-04 07:52:27 -04:00 · 2015-05-04 07:52:27 -04:00 · b6d3cb543c
commit b6d3cb543c
parent b8cba00807
1 changed files with 5 additions and 16 deletions
--- a/apps/ca.c
+++ b/apps/ca.c
@ -703,24 +703,13 @@ end_of_options:
 #ifndef OPENSSL_SYS_VMS
        /*
         * outdir is a directory spec, but access() for VMS demands a
-         * filename.  In any case, stat(), below, will catch the problem if
-         * outdir is not a directory spec, and the fopen() or open() will
-         * catch an error if there is no write access.
-         *
-         * Presumably, this problem could also be solved by using the DEC C
-         * routines to convert the directory syntax to Unixly, and give that
-         * to access().  However, time's too short to do that just now.
+         * filename.  We could use the DEC C routine to convert the
+         * directory syntax to Unixly, and give that to app_isdir,
+         * but for now the fopen will catch the error if it's not a
+         * directory
         */
-        if (app_access(outdir, R_OK | W_OK | X_OK) != 0)
-        {
-            BIO_printf(bio_err, "I am unable to access the %s directory\n",
-                       outdir);
-            perror(outdir);
-            goto end;
-        }
-
        if (app_isdir(outdir) <= 0) {
-            BIO_printf(bio_err, "%s need to be a directory\n", outdir);
+            BIO_printf(bio_err, "%s: %s is not a directory\n", prog, outdir);
            perror(outdir);
            goto end;
        }