From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/6582 Path: news.gmane.org!not-for-mail From: David Drysdale Newsgroups: gmane.linux.kernel.api,gmane.comp.lib.glibc.alpha,gmane.linux.lib.musl.general Subject: Re: [RFC] Possible new execveat(2) Linux syscall Date: Fri, 21 Nov 2014 13:49:35 +0000 Message-ID: References: <20141116195246.GX22465@brightrain.aerifal.cx> <20141121101318.GG8866@infradead.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-Trace: ger.gmane.org 1416577804 24026 80.91.229.3 (21 Nov 2014 13:50:04 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 21 Nov 2014 13:50:04 +0000 (UTC) Cc: Rich Felker , libc-alpha , Andrew Morton , Linux API , Andy Lutomirski , musl-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org To: Christoph Hellwig Original-X-From: linux-api-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Fri Nov 21 14:49:59 2014 Return-path: Envelope-to: glka-linux-api-wOFGN7rlS/M9smdsby/KFg@public.gmane.org Original-Received: from vger.kernel.org ([209.132.180.67]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Xroaz-0008QJ-M7 for glka-linux-api-wOFGN7rlS/M9smdsby/KFg@public.gmane.org; Fri, 21 Nov 2014 14:49:58 +0100 Original-Received: (majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org) by vger.kernel.org via listexpand id S1758240AbaKUNt5 (ORCPT ); Fri, 21 Nov 2014 08:49:57 -0500 Original-Received: from mail-qg0-f52.google.com ([209.85.192.52]:44894 "EHLO mail-qg0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757880AbaKUNt4 (ORCPT ); Fri, 21 Nov 2014 08:49:56 -0500 Original-Received: by mail-qg0-f52.google.com with SMTP id a108so3726817qge.11 for ; Fri, 21 Nov 2014 05:49:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=kr4H8AxMXOCgyrfV7hB7vPE3clD6QyhJJ9kemX0EBzc=; b=UMrAO08cMdUHB2K3LEyUSc1UH101PjdC6WhMJ8LK9n0sI0Yk4cGpzAe1Egfy6fyZvs mcMg1+ONVlMwbmd/tSmNbjB+J9+Hm8QSBb+kwEPiFIw9JVm3tLzCNabuQH7gvJdhnF30 NNJsv+UU9hQHELGhwhxx0zMhcmaiSRvJHBBjHB3LjZH3vHJASqsOi+0raca9CWc8Ou4A nlma7GlM+rS9uAd2oF4pG0YNQ85YU1XXxDYapQ2vHRMCCPvH/ufxcEzSrv1m6oTiSl1d Z952JLuc0Sa8SuUMDHyRve6j+Js/Rta6eXm3/2knrqgtp3yTY6kmR7eXERMg2SrO1ctw mJig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=kr4H8AxMXOCgyrfV7hB7vPE3clD6QyhJJ9kemX0EBzc=; b=bek8xfsDuJc5hwl/0Xjx6Ua7fdqvcVOzOLnl2P7+q2rfuRY+o+LRvlVJKAD2hyr/LK /GuLq1hAPDKj4o8r4VfVMRyKilA6YfBHNTz82sTRw3jkKgtPXiHi/GEIbRsgitkvUKQ8 X0yAP0Xb1ap3Z5Qhn7NNa+GZNXoX0AOr1m9kSKP9zmT6GesNoRo+aPS9sZm9IOeMHp/E ZgoGzQvCSwEn9fCYn8cf3YxuH5Ub8SCvlqVQuzFkk/h/mIU5Xr/O42PrcRnXn4gNeJkA jHk6KelFr/E41URIAcB51CSsRJKvmp60QT+6w1RJDQtgu4hXTKVam1vgV3ZUnfBzU14V ye/Q== X-Gm-Message-State: ALoCoQlV8CjWV6qhyDmgeNn94hOJvtMHVZ6BsS8DNUil5ov72MQvhRicZ6U2XrtlfRguhk7edsnb X-Received: by 10.140.21.106 with SMTP id 97mr6445530qgk.61.1416577795245; Fri, 21 Nov 2014 05:49:55 -0800 (PST) Original-Received: by 10.229.185.202 with HTTP; Fri, 21 Nov 2014 05:49:35 -0800 (PST) In-Reply-To: <20141121101318.GG8866-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org> Original-Sender: linux-api-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Precedence: bulk List-ID: X-Mailing-List: linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Xref: news.gmane.org gmane.linux.kernel.api:6292 gmane.comp.lib.glibc.alpha:46913 gmane.linux.lib.musl.general:6582 Archived-At: On Fri, Nov 21, 2014 at 10:13 AM, Christoph Hellwig wrote: > On Sun, Nov 16, 2014 at 02:52:46PM -0500, Rich Felker wrote: >> I've been following the discussions so far and everything looks mostly >> okay. There are still issues to be resolved with the different >> semantics between Linux O_PATH and what POSIX requires for O_EXEC (and >> O_SEARCH) but as long as the intent is that, once O_EXEC is defined to >> save the permissions at the time of open and cause them to be used in >> place of the current file permissions at the time of execveat > > As far as I can tell we only need the little patch below to make Linux > O_PATH a valid O_SEARCH implementation. Rich, you said you wanted to > look over it? > > For O_EXEC my interpretation is that we basically just need this new > execveat syscall + a patch to add FMODE_EXEC and enforce it. So we > wouldn't even need the O_PATH|3 hack. But unless someone more familar > with the arcane details of the Posix language verifies it I'm tempted to > give up trying to help to implent these flags :( I'm not particularly familiar with POSIX details either, but I thought the O_PATH|3 hack would be needed for the interaction with O_ACCMODE -- just using FMODE_EXEC as O_EXEC would confuse existing code that examines (flags & O_ACCMODE). >From [1]: "Applications shall specify exactly one of the ...five ... file access modes ... O_EXEC / O_RDONLY / O_RDWR / O_SEARCH / O_WRONLY" (and O_EXEC and O_SEARCH are allowed to be the same value, as one only applies to files and the other only applies to directories). As O_ACCMODE is 3, there are only 4 possible access modes that work with any existing code that checks (flags & O_ACCMODE), and 3 of the values are taken (0=O_RDONLY, 1=O_WRONLY, 2=O_RDWR). So I guess that's where the idea for the |3 hack comes from. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/open.html