Date: Sat, 27 Sep 2014 09:38:13 -0400 From: Rich Felker <dalias@...c.org> To: musl@...ts.openwall.com Subject: Re: fdopen/fflush problem On Sat, Sep 27, 2014 at 09:29:20AM -0400, Anthony G. Basile wrote: > On 09/26/14 03:23, u-wsnj@...ey.se wrote: > >On Fri, Sep 26, 2014 at 03:05:48AM -0400, Rich Felker wrote: > >> unspecified if the flag argument contains more than the following > >> flags:" > >> > >>The list that follows includes just O_APPEND, O_CLOEXEC, and O_*SYNC, > >>so including O_WRONLY has unspecified behavior. However, since this is > >>just unspecified, not undefined, it seems bad for something "horribly > >>wrong" to happen, like a file with no access like we're getting now. > >>Indeed, POSIX will define an optional error: > >> > >> "The mkostemp( ) function may fail if: > >> > >> [EINVAL] The value of the flag argument is invalid." > >> > >>So I think we should either make this error be detected, or silently > >>mask off the bad access mode. My leaning would be towards reporting it > >>as an error. Opinions? > > > >+1 (reporting an error) > > > >Rune > > > > Both uclibc  and glibc are okay with the flag combination > O_WRONLY|O_CLOEXEC. With unspecified behaviour you really can't say > which way to go here for portability. The correct thing to do would > be to get this behaviour specified (in SUSv4 or something??) since > mkostemp is currently a GNU-ism. Except that it's not; it's accepted for POSIX and you can read the text for it here: http://austingroupbugs.net/view.php?id=411 It seems the unspecified behavior is intentional. But I don't see anything you could meaningfully do with the access mode since it's not mandatory; an explicit mode of O_RDONLY would be indistinguishable from a request for the default (O_RDWR), which is not a big problem since O_RDONLY doesn't make sense for a new file you're creating, but this only works because O_RDONLY happens to be the one with value 0. If O_WRONLY had the value zero, you couldn't honor it. So really, the only viable implementation choices seem to be silently ignoring the mode, or throwing an error if any mode bits are specified. And since we can't detect all modes (e.g. O_RDONLY can't be detected since it's 0) I think it somewhat makes sense, from a consistency standpoint, to just ignore the access mode bits... >  In uclibc libc/stdlib/mkostemp.c calls __gen_tempname in > libc/misc/internals/tempname.c with kind = __GT_FILE and opens the > file with > > fd = open (tmpl, O_RDWR | O_CREAT | O_EXCL, mode); > > which is different from how musl does it in __mkostemps in > src/temp/mkostemps.c > > fd = open(template, flags | O_RDWR | O_CREAT | O_EXCL, 0600); > > Looks like uclibc completely ignores O_APPEND, O_CLOEXEC, and O_*SYNC. Wow. So they just made a fake version of this function which ignores the whole purpose it was created for -- atomic close-on-exec? Care to report this? Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.