From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/6581
Path: news.gmane.org!not-for-mail
From: Christoph Hellwig <hch@infradead.org>
Newsgroups: gmane.comp.lib.glibc.alpha,gmane.linux.kernel.api,gmane.linux.lib.musl.general
Subject: Re: [RFC] Possible new execveat(2) Linux syscall
Date: Fri, 21 Nov 2014 02:13:18 -0800
Message-ID: <20141121101318.GG8866@infradead.org>
References: <CAHse=S8ccC2No5EYS0Pex=Ng3oXjfDB9woOBmMY_k+EgxtODZA@mail.gmail.com>
 <20141116195246.GX22465@brightrain.aerifal.cx>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: ger.gmane.org 1416564812 25171 80.91.229.3 (21 Nov 2014 10:13:32 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Fri, 21 Nov 2014 10:13:32 +0000 (UTC)
Cc: David Drysdale <drysdale@google.com>, libc-alpha@sourceware.org,
	Andrew Morton <akpm@linux-foundation.org>,
	Christoph Hellwig <hch@infradead.org>,
	Linux API <linux-api@vger.kernel.org>,
	Andy Lutomirski <luto@amacapital.net>, musl@lists.openwall.com
To: Rich Felker <dalias@aerifal.cx>
Original-X-From: libc-alpha-return-54610-glibc-alpha=m.gmane.org@sourceware.org Fri Nov 21 11:13:26 2014
Return-path: <libc-alpha-return-54610-glibc-alpha=m.gmane.org@sourceware.org>
Envelope-to: glibc-alpha@plane.gmane.org
Original-Received: from server1.sourceware.org ([209.132.180.131] helo=sourceware.org)
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <libc-alpha-return-54610-glibc-alpha=m.gmane.org@sourceware.org>)
	id 1XrlDR-0007RN-IU
	for glibc-alpha@plane.gmane.org; Fri, 21 Nov 2014 11:13:25 +0100
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:cc:subject:message-id:references
	:mime-version:content-type:in-reply-to; q=dns; s=default; b=I2TJ
	9hjlcRNibKLeRSyDt0RFp4Jt5ZhvVV5GQ4Us1TP5qKtPRqcJsWmmfUyqWPMF9vHb
	C8Q61oOksy38jZMs1/gYJH+3e0EAAN3FN2qepYHbPLPREw1y6aSuVeWpC2FIUKR6
	6BcbNt31HNk/i/FKKFEDc97ynHt0iIiI9/2B5Yo=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:cc:subject:message-id:references
	:mime-version:content-type:in-reply-to; s=default; bh=JJH2191Mor
	BUTugKE6vxe13qqEk=; b=P4gKkwvXDbrL8fV5RJ7ERvXTpyd1rHIf13/fwq2XXo
	tZvmeop3KtBKf2YHfD8n82slpdqSHfkNO2KBhEEBv5ZJBRBsFG+X1T1/qMtnVMnR
	5GZLF5JuQjhigS1cjXVNru6Yh0Ex4+0V+0jXEP6uS4rZ4tvZdmPOW8ZWvQkQdggu
	E=
Original-Received: (qmail 2904 invoked by alias); 21 Nov 2014 10:13:21 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-glibc-alpha=m.gmane.org@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Original-Sender: libc-alpha-owner@sourceware.org
Original-Received: (qmail 2894 invoked by uid 89); 21 Nov 2014 10:13:21 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.7 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-HELO: bombadil.infradead.org
Content-Disposition: inline
In-Reply-To: <20141116195246.GX22465@brightrain.aerifal.cx>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-SRS-Rewrite: SMTP reverse-path rewritten from <hch@infradead.org> by bombadil.infradead.org
	See http://www.infradead.org/rpr.html
Xref: news.gmane.org gmane.comp.lib.glibc.alpha:46906 gmane.linux.kernel.api:6291 gmane.linux.lib.musl.general:6581
Archived-At: <http://permalink.gmane.org/gmane.comp.lib.glibc.alpha/46906>

On Sun, Nov 16, 2014 at 02:52:46PM -0500, Rich Felker wrote:
> I've been following the discussions so far and everything looks mostly
> okay. There are still issues to be resolved with the different
> semantics between Linux O_PATH and what POSIX requires for O_EXEC (and
> O_SEARCH) but as long as the intent is that, once O_EXEC is defined to
> save the permissions at the time of open and cause them to be used in
> place of the current file permissions at the time of execveat

As far as I can tell we only need the little patch below to make Linux
O_PATH a valid O_SEARCH implementation.  Rich, you said you wanted to
look over it?

For O_EXEC my interpretation is that we basically just need this new
execveat syscall + a patch to add FMODE_EXEC and enforce it.  So we
wouldn't even need the O_PATH|3 hack.  But unless someone more familar
with the arcane details of the Posix language verifies it I'm tempted to
give up trying to help to implent these flags :(

diff --git a/fs/open.c b/fs/open.c
index d6fd3ac..ee24720 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -512,7 +512,7 @@ out_unlock:
 
 SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode)
 {
-	struct fd f = fdget(fd);
+	struct fd f = fdget_raw(fd);
 	int err = -EBADF;
 
 	if (f.file) {
@@ -633,7 +633,7 @@ SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group
 
 SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group)
 {
-	struct fd f = fdget(fd);
+	struct fd f = fdget_raw(fd);
 	int error = -EBADF;
 
 	if (!f.file)