From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from tb-mx1.topicbox.com (localhost.local [127.0.0.1]) by tb-mx1.topicbox.com (Postfix) with ESMTP id 09BDB282409D for <9fans@9fans.net>; Sat, 6 Jun 2020 09:26:03 -0400 (EDT) (envelope-from charles.forsyth@gmail.com) Received: from tb-mx1.topicbox.com (localhost [127.0.0.1]) by tb-mx1.topicbox.com (Authentication Milter) with ESMTP id CFDCFF0F3D7; Sat, 6 Jun 2020 09:26:03 -0400 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1591449962; b=MEnbx2PkL3YdWEw0+7y1b/7T/kci4mCVkANvf4JR02BcfQWyzy z7lfXK6+kUbaSn4mdOudj4RfVa06Ia74jgNjy48Gu/+cnuVxBGgPQw7KoDJkwgOg CXVq/w0xbp0ZhSmGaSBSp7VcFkXlJVpYaH/9u2eyjK8/B1Pk2mg7R1Lq8+BF3MOO TcANzKSyLweSFFoLdNEQ5AF+n9eosiosuid2uU/32/X4k1axh38NQwnefxyIEpBn Ivnr2Sw2tB+6ljvnVOpskzpTTUk1KTMbklZhONA0nl2busFLKt8HyZz9RJnMYohM OIMXEtXSdsU4+PRSFszMOX0viTK7WsEhGT9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; s=arcseal; t=1591449962; bh=1J/zKCe91GIaanZKd2evpuSVWUoytXoyNRTHukKQH58=; b=XC69z5hog0yM ati4nl8v0r6Vk6Rzpt7yaSH2N2MUouazHKrajiXjrJwZcGUumuHqG/gP+LOp73ct 3hZ9LO0Ky0tgY6yWZJyiuHZQw3GTzS4KzmzPDGoqnFT0eFbnFo+YGQS2Jh8sAX89 0XY99h9esIyDhhymMX5iHQBMlqt4rGD8k7rKKOFG1tR+BFayzXd5VQ5Z7oZ9ASTL +UqJByYQeNOIxqeORGX57n8ukmhOs7LvmEEDmpberqSnZRGMof0lV6DOyIOV4qpK Ieu9PbaSNVQB8XpipR5R6srLj7vdV6bvrDrjtLtloWOJvIBSNpaDlPPArqIZtWuQ QWTw0Ec3oA== ARC-Authentication-Results: i=1; tb-mx1.topicbox.com; arc=none (no signatures found); bimi=none (Domain is not BIMI enabled); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=ocg5nG2f header.a=rsa-sha256 header.s=20161025 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.217.52 (mail-vs1-f52.google.com); spf=pass smtp.mailfrom=charles.forsyth@gmail.com smtp.helo=mail-vs1-f52.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=lhZebvaW; x-ptr=pass smtp.helo=mail-vs1-f52.google.com policy.ptr=mail-vs1-f52.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Records found: alt1.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: alt1.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 Authentication-Results: tb-mx1.topicbox.com; arc=none (no signatures found); bimi=none (Domain is not BIMI enabled); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=ocg5nG2f header.a=rsa-sha256 header.s=20161025 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.217.52 (mail-vs1-f52.google.com); spf=pass smtp.mailfrom=charles.forsyth@gmail.com smtp.helo=mail-vs1-f52.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=lhZebvaW; x-ptr=pass smtp.helo=mail-vs1-f52.google.com policy.ptr=mail-vs1-f52.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Records found: alt1.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: alt1.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgeduhedrudeghedgieekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpeggfhgjhf ffkffuvfgtsegrtderredttdejnecuhfhrohhmpeevhhgrrhhlvghsucfhohhrshihthhh uceotghhrghrlhgvshdrfhhorhhshihthhesghhmrghilhdrtghomheqnecuggftrfgrth htvghrnhepfeeftefhvefhveetjedthfeifeeiveehjeelvdegvedvgeelgfevtdelgfeg ieeknecuffhomhgrihhnpehtohhpihgtsghogidrtghomhenucfkphepvddtledrkeehrd dvudejrdehvdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpedv tdelrdekhedrvddujedrhedvpdhhvghlohepmhgrihhlqdhvshduqdhfhedvrdhgohhogh hlvgdrtghomhdpmhgrihhlfhhrohhmpeeotghhrghrlhgvshdrfhhorhhshihthhesghhm rghilhdrtghomhequcfukfgkgfepleejfeel X-ME-VSScore: 0 X-ME-VSCategory: clean Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use 'charles.forsyth@gmail.com' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=tb-mx1.topicbox.com; identity=mailfrom; envelope-from="charles.forsyth@gmail.com"; helo=mail-vs1-f52.google.com; client-ip=209.85.217.52 Received: from mail-vs1-f52.google.com (mail-vs1-f52.google.com [209.85.217.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx1.topicbox.com (Postfix) with ESMTPS for <9fans@9fans.net>; Sat, 6 Jun 2020 09:26:02 -0400 (EDT) (envelope-from charles.forsyth@gmail.com) Received: by mail-vs1-f52.google.com with SMTP id j13so7210141vsn.3 for <9fans@9fans.net>; Sat, 06 Jun 2020 06:26:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=1J/zKCe91GIaanZKd2evpuSVWUoytXoyNRTHukKQH58=; b=ocg5nG2fJ8e098KyNKPW3TOHToftgAoyMDS2tAbQCuvOu/jkvFCg6/k7boxq433Y4d f8ptG0tuwxihnoaCj0mCSATXQdVjCJQKrn7PY3PBAhVJhx4oMAYDehZeDS4ah+eM7cAs gzUR+FXxgqyMXpwK2w9B5aGZSZDBSs6IfvjJ8srodgAwegQ7IezEIB6iVHUE+NvnaEb9 VVsE6JFYqLZOR7X91IEkKOwBLNo3kKZoKbdVDY6MKLJ0G6GtvDvJ/JCnvHNEP1UPfi0a 7WAmJlZZN7FKDATfNsM3ZBwPIlXgwvE3yA/ERQLYig/oZjo1iIrQbH/PhJIMY6jPATHZ yNuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=1J/zKCe91GIaanZKd2evpuSVWUoytXoyNRTHukKQH58=; b=lhZebvaW9SaU3lUkCBoNx/vhCAKtbL8+cZMbh2aHFamE5rnSlLnekFh6hgbrlA9V00 8U4mbZD9cuTqxNPIPDHirf3v9cPkHbXEZBnfQJMj2CUmC2+/qLJhCIFyNh1LMd+BhWa/ WF2dX4OgyTbj20/jNX4dHXoHJo8bsbNdG+Otj1I4VETc3SLW5MKIrM2IORHRL3P5CzMe ooSBe5tdhWQEzXO0ittkHToh41vYhjVpXtfoLphTyUZq7Fv03hJMrUhMiaFEA62Dlz6V m6glxMBRezbDUjt26iOpAOqrulPZE9lLDFZQzlRAepcdLL8edDnVyT3WBWY2TkUnTCYv GKBw== X-Gm-Message-State: AOAM530zrU9JiSbdZPvj+MFqMdc58tENQk1Ke9qJix/AFnwAtGEzxH2G fNbtWt35A3KgCbEjegt9JuVOwOxVrXi/ezwHrfDkAVJY X-Google-Smtp-Source: ABdhPJz4HGejiGMEXfMW7+v+z0NFaT+4GCJ5YpRDr9gMhLoJChxlZCxHP068BT/5bt8njUwdhNiayhWT/6qxsBY/744= X-Received: by 2002:a67:eb95:: with SMTP id e21mr442387vso.193.1591449961898; Sat, 06 Jun 2020 06:26:01 -0700 (PDT) MIME-Version: 1.0 References: <235881e7dc602196b9845c4d10c211a8@hamnavoe.com> <33fdd954-db9a-4273-a0ac-907f07b42499@www.fastmail.com> In-Reply-To: <33fdd954-db9a-4273-a0ac-907f07b42499@www.fastmail.com> From: Charles Forsyth Date: Sat, 6 Jun 2020 14:25:50 +0100 Message-ID: Subject: Re: [9fans] `test -x` returns wrong results for directories To: 9fans <9fans@9fans.net> Content-Type: multipart/alternative; boundary="000000000000a8278e05a76a5146" Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: 48b2ab62-a7f9-11ea-8785-877e51ffee6c --000000000000a8278e05a76a5146 Content-Type: text/plain; charset="UTF-8" execute permission on files, meaning here non-directories, is a special variant of read. a file with mode 0111 can be opened with OEXEC and read(2) will work as well as exec(2), but can't be opened with OREAD, because it's not got any of 0444 set. bits 0111 distinguish a file with contents that are intended to be executed once read from files with only 0444 that do not contain executable content. you wouldn't want every readable file to be executable (especially if you've used systems that didn't have that distinction). on the other hand, in a distributed file system, the client needs the contents of the file to run it (whether code or #!script) so it needs to be able to read files with just OEXEC. I suppose the rule could have been that it would need mode 5 (r+x) to make clear that the file was also readable, but it isn't. that OEXEC allows reading isn't true for a directory because exec means "search", so if it's mode 0111 (say) you can chdir into it but not read the names within it. if you know a name of a file in that directory, though, you can still open that. that's entirely enforced by the server. as the bug in access(2) suggests, only the server knows whether access should be granted, and the open call gets it to do that, but it doesn't work for OEXEC for directories as others have noted. perhaps stat+chdir is the most accurate test, since you need x (search) permission to walk(5) into a directory, but the caller won't thank you for the chdir (and there's no easy or certain way back), and ... that restriction isn't enforced by fossil or ramfs. (ramfs wrongly allows you to read a directory that's mode 0.) probably the best thing is just to ignore the owner/group/other distinction, and if the open(...OEXEC) fails, dirstat it, and if it's a directory with any of 0111 set, it's fine (a little better than now). On Sat, Jun 6, 2020 at 7:38 AM Ethan Gardener wrote: > On Fri, Jun 5, 2020, at 8:22 PM, Richard Miller wrote: > > Looks to me like access(2) is not doing the right thing for directory > > execute (=search) permission. > > thanks for the tip. access is a very simple function. it doesn't do the > right thing, but there's a reason: > > BUGS > Since file permissions are checked by the server and group > information is not known to the client, access must open the > file to check permissions. (It calls stat(2) to check sim- > ple existence.) > > it's open() which is failing. i suppose it should. > > if the open fails, maybe access should stat the file, and if it's a > directory, try dirread(2). or maybe just opening it for reading will work. > i don't know, i'm new to this bit of plan 9 & i haven't slept. > > ------------------------------------------ > 9fans: 9fans > Permalink: > https://9fans.topicbox.com/groups/9fans/Tdd7a9b1b32d01f54-M6c82b233d9b0cabf21ca7512 > Delivery options: https://9fans.topicbox.com/groups/9fans/subscription > --000000000000a8278e05a76a5146 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
execute permission on files, meaning here non-directories,= is a special variant of read. a file with mode 0111 can be opened with OEX= EC and read(2) will work as well as exec(2),
but can't be opened wi= th OREAD, because it's not got any of 0444 set. bits 0111 distinguish a= file with contents that are intended to be executed once read from files w= ith only 0444 that do not contain executable content.
you wouldn&= #39;t want every readable file to be executable (especially if you've u= sed systems that didn't have that distinction).
on the other = hand, in a distributed file system, the client needs the contents of the fi= le to run it (whether code or #!script) so it needs to be able to read file= s with just OEXEC.
I suppose the rule could have been that it wou= ld need mode 5 (r+x) to make clear that the file was also readable, but it = isn't.

that OEXEC allows reading isn't tru= e for a directory because exec means "search", so if it's mod= e 0111 (say) you can chdir into it but not read the names within it.
<= div>if you know a name of a file in that directory, though, you can still o= pen that. that's entirely enforced by the server.

<= div>as the bug in access(2) suggests, only the server knows whether access = should be granted, and the open call gets it to do that,
but it d= oesn't work for OEXEC for directories as others have noted. perhaps sta= t+chdir is the most accurate test, since you need x (search) permission to = walk(5) into a directory,
but the caller won't thank you for = the chdir (and there's no easy or certain way back), and ... that restr= iction isn't enforced by fossil or ramfs. (ramfs wrongly allows you to = read a directory that's mode 0.)

probably the = best thing is just to ignore the owner/group/other distinction, and if the = open(...OEXEC) fails, dirstat it, and if it's a directory with any of 0= 111 set, it's fine (a little better than now).



On Sat, Jun 6, 2020 at 7:38 AM Ethan Gardener <eekee57@fastmail.fm> wrote:
On Fri, Jun 5, 2020, at 8:22 PM= , Richard Miller wrote:
> Looks to me like access(2) is not doing the right thing for directory<= br> > execute (=3Dsearch) permission.

thanks for the tip. access is a very simple function. it doesn't do the= right thing, but there's a reason:

=C2=A0 =C2=A0 =C2=A0BUGS
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Since file permissions are checked by th= e server and group
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 information is not known to the client, = access must open the
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 file to check permissions.=C2=A0 (It cal= ls stat(2) to check sim-
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ple existence.)

it's open() which is failing. i suppose it should.

if the open fails, maybe access should stat the file, and if it's a dir= ectory, try dirread(2). or maybe just opening it for reading will work. i d= on't know, i'm new to this bit of plan 9 & i haven't slept.=

------------------------------------------
9fans: 9fans
Permalink: https:= //9fans.topicbox.com/groups/9fans/Tdd7a9b1b32d01f54-M6c82b233d9b0cabf21ca75= 12
Delivery options: https://9fans.topicbox.com/gro= ups/9fans/subscription
--000000000000a8278e05a76a5146--