Date: Thu, 21 Feb 2013 19:45:40 -0500
From: Rich Felker <dalias@...ifal.cx>
To: libc-alpha@...rceware.org
Cc: musl@...ts.openwall.com
Subject: O_EXEC and O_SEARCH

Hi,

I'd like to have a conversation with the glibc team about O_EXEC and
O_SEARCH in the interest of hopefully developing a unified plan for
supporting them on Linux. Presumably the reason glibc still does not
have them is that Linux O_PATH does not exactly match their semantics
in some cases, and O_PATH is sufficiently broken on many kernel
versions to make offering it problematic. In particular, current
coreutils break badly on most kernel versions around 2.6.39-3.6 or so
if O_SEARCH and O_EXEC are defined as O_PATH.

Right now, we're offering O_EXEC and O_SEARCH in musl libc, defining
them as O_PATH. As long as recent Linux is used, this gives nearly
correct semantics, except that combined with O_NOFOLLOW they do not
fail when the final component is a symbolic link. I believe it's
possible to work around this issue on sufficiently modern kernels
where fstat works on O_PATH file descriptors, but adding the
workaround whenever O_PATH|O_NOFOLLOW is in the flags would change the
semantics when O_PATH is used by the caller rather than O_EXEC or
O_SEARCH, since the value is equal. I'm not sure this is desirable.

What should the long-term plan for supporting O_SEARCH and O_EXEC on
Linux be? Should we assume Linux is aiming for O_PATH to eventually
provide compatible semantics, and thus just define O_SEARCH and O_EXEC
as O_PATH? Or is there a need to define a different value (perhaps 3,
the unused access mode) for O_SEARCH and O_EXEC and have open/fcntl
remap it and handle workarounds for Linux semantics that don't match
the POSIX semantics?

Rich
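
Added example (not part of the original message, and not musl or glibc code): one way the fstat-based workaround mentioned above could look in C, making O_NOFOLLOW fail with ELOOP when the final component is a symbolic link. The names `open_path_nofollow` and `make_fixture`, the /tmp scratch path, and the fallback O_PATH value are assumptions for illustration.

```c
#define _GNU_SOURCE            /* exposes O_PATH in glibc's <fcntl.h> */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef O_PATH
#define O_PATH 010000000       /* assumed generic Linux value if headers hide it */
#endif

/* Hypothetical helper: open `path` as a search/exec handle and give
 * O_NOFOLLOW its POSIX meaning (ELOOP if the final component is a symlink). */
int open_path_nofollow(const char *path)
{
    int fd = open(path, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* With O_PATH|O_NOFOLLOW the fd refers to the link itself, so fstat
     * reports S_IFLNK. Needs a kernel where fstat accepts O_PATH fds. */
    struct stat st;
    int err = fstat(fd, &st) < 0 ? errno : S_ISLNK(st.st_mode) ? ELOOP : 0;
    if (err) {
        close(fd);
        errno = err;
        return -1;
    }
    return fd;
}

/* Constructed fixture: scratch directory holding a symlink "link" -> ".". */
int make_fixture(char *dir, size_t dlen, char *link, size_t llen)
{
    snprintf(dir, dlen, "/tmp/opath-demo-XXXXXX");
    if (!mkdtemp(dir))
        return -1;
    snprintf(link, llen, "%s/link", dir);
    return symlink(".", link);
}

int main(void)
{
    char dir[64], link[80];
    if (make_fixture(dir, sizeof dir, link, sizeof link) < 0) return 1;
    int raw = open(link, O_PATH | O_NOFOLLOW);  /* plain Linux behaviour */
    int chk = open_path_nofollow(link);         /* POSIX-style result */
    printf("raw fd=%d, checked=%d (%s)\n", raw, chk, chk < 0 ? "rejected" : "opened");
    if (raw >= 0) close(raw);
    unlink(link); rmdir(dir);
    return 0;
}
```

Keeping the check in a separate helper leaves a caller's own O_PATH|O_NOFOLLOW opens untouched, which is the semantic concern the message raises about applying the workaround inside open itself.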
