From 3a4cbb41861badaf557b1896542c00d4f40d9f45 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@redhat.com>
Date: Mon, 20 Sep 1999 04:59:24 +0000
Subject: Update.

	* manual/filesys.texi (Testing File Access): Correct description of
	SUID.

1999-08025  H.J. Lu  <hjl@gnu.org>

	* csu/defs.awk (.end): Only match with leading white spaces.
	(.align): Likewise.

1999-09-19  Ulrich Drepper  <drepper@cygnus.com>
---
 ChangeLog           | 10 ++++++++++
 csu/defs.awk        |  4 ++--
 manual/filesys.texi | 27 ++++++++++++++-------------
 3 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 6e2667b..7816e2d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
 1999-09-19  Ulrich Drepper  <drepper@cygnus.com>
 
+	* manual/filesys.texi (Testing File Access): Correct description of
+	SUID.
+
+1999-08025  H.J. Lu  <hjl@gnu.org>
+
+	* csu/defs.awk (.end): Only match with leading white spaces.
+	(.align): Likewise.
+
+1999-09-19  Ulrich Drepper  <drepper@cygnus.com>
+
 	* stdlib/isomac.c: Add va_copy to allowed macros.
 
 	* po/pl.po: Updated.
diff --git a/csu/defs.awk b/csu/defs.awk
index ac73e1a..a006c98 100644
--- a/csu/defs.awk
+++ b/csu/defs.awk
@@ -1,5 +1,5 @@
-/\.end/	 { need_end = 1 }
-/\.align/ { if($2 > max) max = $2; }
+/^[ 	]*\.end/   { need_end = 1 }
+/^[ 	]*\.align/ { if($2 > max) max = $2; }
 
 END {
     if(need_end)
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 728b904..5a3f0c5 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -2267,19 +2267,20 @@ The file resides on a read-only file system.
 @cindex access, testing for
 @cindex setuid programs and file access
 
-When a program runs as a privileged user, this permits it to access
-files off-limits to ordinary users---for example, to modify
-@file{/etc/passwd}.  Programs designed to be run by ordinary users but
-access such files use the setuid bit feature so that they always run
-with @code{root} as the effective user ID.
-
-Since the program runs as @code{root}, it has permission to access
-whatever file the user specifies---but usually the desired behavior is
-to permit only those files which the user could ordinarily access.
-
-The program therefore must explicitly check whether @emph{the user}
-would have the necessary access to a file, before it reads or writes the
-file.
+In some situations it is desirable to allow programs to access files or
+devices even if this is not possible with the permissions granted to the
+user.  One possible solution is to set the setuid-bit of the program
+file.  If such a program is started the @emph{effective} user ID of the
+process is changed to that of the owner of the program file.  So to
+allow write access to files like @file{/etc/passwd}, which normally can
+be written only by the super-user, the modifying program will have to be
+owned by @code{root} and the setuid-bit must be set.
+
+But beside the files the program is intended to change the user should
+not be allowed to access any file to which s/he would not have access
+anyway.  The program therefore must explicitly check whether @emph{the
+user} would have the necessary access to a file, before it reads or
+writes the file.
 
 To do this, use the function @code{access}, which checks for access
 permission based on the process's @emph{real} user ID rather than the
-- 
cgit v1.1