Use of the information contained in this unapproved document is at your own risk
.Last update: 20 April,2001
1003.2-92 #159
_____________________________________________________________________________
Interpretation Number: xxxx
Topic: touch
Relevant Sections: 4.63.2, E.4.63, 1003.1-1990 5.6.6.2
PASC Interpretation Request: (Defect Report)
----------------------------
Date: Sun, 1 Feb 1998 16:11:53 -0600
------------------------------------------------------------------------
7 Defect Report concerning (number and title of International Standard
or DIS final text, if applicable):
Shell & Utilities: IEEE Std 1003.2-1992 (ISO 9945-2:1993)
------------------------------------------------------------------------
8 Qualifier (e.g. error, omission, clarification required):
1
Error=1 , Omission=2, Clarification=3
------------------------------------------------------------------------
9 References in document (e.g. page, clause, figure, and/or table
numbers):
4.63.2, E.4.63, 1003.1-1990 5.6.6.2
------------------------------------------------------------------------
10 Nature of defect (complete, concise explanation of the perceived
problem):
According to 4.63.2 (2)(b), lines, 10315-10316, the touch utility shall behave
as if it called the POSIX.1 utime() function with a non-NULL second argument;
that is, it shall behave as if it always passed a pointer to a struct utimbuf to
the utime() function. The specific values to be placed within the struct utimbuf
shall be determined by 4.63.3. When touch is invoked with no options (i.e. only
the filenames to be "touched" are supplied), two issues arise from this
formulation.
1) The precise behavior of the touch utility in this circumstance is not
described under 4.63.3; that behavior is actually described under 4.63.2, lines
10304-10306. This is quite minor; the intent of the standard is quite clear.
2) However, the requirement of 4.63.2 (2)(b) that touch always behave as itf a
non-NULL struct utimbuf * was supplied to a call to utime() appears to conflict
with existing industry practice. Specifically, the security requirements of
utime() differ when the function is called with a NULL versus non-NULL struct
utimbuf *. In the former case, utime() succeeds if either the file is writeable
by the UID of the caller, or the caller UID is the owner, or the calling process
has appropriate privilege. In the latter case, only the last two cases apply;
the writeability of the file by the calling UID is not relevant.
Existing practice for touch is such that an invocation of touch with no options
will succeed so long as the file is writeable by the invoking user, regardless
of whether the user is the owner of the file or if the user has appropriate
privilege. This implies that touch historically has behaved as if it invoked the
utime() call with a NULL struct utimbuf * argument. This historical behavior
appears to be forbidden by 4.63.2 (2)(b).
------------------------------------------------------------------------
11 Solution proposed by the submitter (optional):
Explicitly permit the historical behavior of the touch command when invoked
without options (i.e. only filenames are supplied as arguments), so that "touch
_filename_" will succeed if _filename_ is writeable by the user invoking the
utility even if that user is not the owner of _filename_ and lacks the
appropriate privilege.
------------------------------------------------------------------------
Interpretation response
------------------------
The standard states the requirements for the touch utility
and conforming implementation must conform to this. However,
concerns have been raised about this which are
being referred to the sponsor.
Rationale
-------------
The solution proposed by the submitter is accepted.
Note to technical editor (not part of this interpretation).
----------------------------------------------------------
When touch is called without the -t option, touch should
behave as if utime() was called with a NULL struct utimbuf
pointer argument.
Forwarded to Interpretations group: February 18 1998
Proposed resolution: April 21 1998
Finalised: May 29 1998