Date: Fri, 21 Nov 2014 09:15:25 -0500 From: Rich Felker <dalias@...ifal.cx> To: David Drysdale <drysdale@...gle.com> Cc: Christoph Hellwig <hch@...radead.org>, libc-alpha <libc-alpha@...rceware.org>, Andrew Morton <akpm@...ux-foundation.org>, Linux API <linux-api@...r.kernel.org>, Andy Lutomirski <luto@...capital.net>, musl@...ts.openwall.com Subject: Re: Re: [RFC] Possible new execveat(2) Linux syscall On Fri, Nov 21, 2014 at 01:49:35PM +0000, David Drysdale wrote: > On Fri, Nov 21, 2014 at 10:13 AM, Christoph Hellwig <hch@...radead.org> wrote: > > On Sun, Nov 16, 2014 at 02:52:46PM -0500, Rich Felker wrote: > >> I've been following the discussions so far and everything looks mostly > >> okay. There are still issues to be resolved with the different > >> semantics between Linux O_PATH and what POSIX requires for O_EXEC (and > >> O_SEARCH) but as long as the intent is that, once O_EXEC is defined to > >> save the permissions at the time of open and cause them to be used in > >> place of the current file permissions at the time of execveat > > > > As far as I can tell we only need the little patch below to make Linux > > O_PATH a valid O_SEARCH implementation. Rich, you said you wanted to > > look over it? > > > > For O_EXEC my interpretation is that we basically just need this new > > execveat syscall + a patch to add FMODE_EXEC and enforce it. So we > > wouldn't even need the O_PATH|3 hack. But unless someone more familar > > with the arcane details of the Posix language verifies it I'm tempted to > > give up trying to help to implent these flags :( > > I'm not particularly familiar with POSIX details either, but I thought the > O_PATH|3 hack would be needed for the interaction with O_ACCMODE -- just > using FMODE_EXEC as O_EXEC would confuse existing code that examines > (flags & O_ACCMODE). To conform to POSIX, O_ACCMODE needs to contain all the bits of O_RDONLY|O_WRONLY|O_RDWR|O_SEARCH|O_EXEC. Certainly it's possible that code compiled with an old definition of O_ACCMODE as 3 could inherit (or otherwise obtain) a file descriptor in O_SEARCH/O_EXEC mode, so it's preferable to have the low 2 bits be distinct from the existing access modes, but O_ACCMODE's definition (at least in userspace) really does need to be updated to equal O_PATH|3. > >From : > "Applications shall specify exactly one of the ...five ... file access > modes ... O_EXEC / O_RDONLY / O_RDWR / O_SEARCH / O_WRONLY" > (and O_EXEC and O_SEARCH are allowed to be the same value, > as one only applies to files and the other only applies to directories). > > As O_ACCMODE is 3, there are only 4 possible access modes that work > with any existing code that checks (flags & O_ACCMODE), and 3 of the > values are taken (0=O_RDONLY, 1=O_WRONLY, 2=O_RDWR). So I > guess that's where the idea for the |3 hack comes from. 3 is also "taken" too, but it's a mostly-undocumented hack. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.