From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/6197
Path: news.gmane.org!not-for-mail
From: Justin Cormack <justin@specialbusservice.com>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: faccessat and AT_SYM_NOFOLLOW
Date: Thu, 25 Sep 2014 22:03:06 +0100
Message-ID: <CAK4o1Wzz9CZgza8opJ_Po0BMufEmbPpC0EDxJum9jJBJ4TkhDw@mail.gmail.com>
References: <20140925160110.GA25937@brightrain.aerifal.cx>
	<20140925164614.GO20593@example.net>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Trace: ger.gmane.org 1411679061 19947 80.91.229.3 (25 Sep 2014 21:04:21 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Thu, 25 Sep 2014 21:04:21 +0000 (UTC)
To: musl@lists.openwall.com
Original-X-From: musl-return-6210-gllmg-musl=m.gmane.org@lists.openwall.com Thu Sep 25 23:04:13 2014
Return-path: <musl-return-6210-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@plane.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by plane.gmane.org with smtp (Exim 4.69)
	(envelope-from <musl-return-6210-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1XXGCz-0007of-7d
	for gllmg-musl@plane.gmane.org; Thu, 25 Sep 2014 23:04:13 +0200
Original-Received: (qmail 7758 invoked by uid 550); 25 Sep 2014 21:04:12 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
Original-Received: (qmail 7344 invoked from network); 25 Sep 2014 21:03:17 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=specialbusservice.com; s=google;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=BOy98f9Xq9tCPvrsH25/nmRuJ7L1u1CWLTfkdmSHSlg=;
        b=hI+wt5laEOcGPEEuXTMCOA6foz1aOhQkh6u+5ko7wjojwvEtNGalq1G8eX3WHRBn6Z
         i+fwk5H44kFEls8wp+78CgjYP4o5ZtMxqATvcOzOh9+S7Ny8xw3WfzJJSsnAFPSAXOQY
         WrZ/91WwmtxPXYZPAPMpYyj5vp/EP0s6PSv4k=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:content-type;
        bh=BOy98f9Xq9tCPvrsH25/nmRuJ7L1u1CWLTfkdmSHSlg=;
        b=ezRQWGt5FyNTj7FLoofWkLRxhXmpqGWdlS0fR6rjACxFEep6svRNIEBXlU1AJKsVF/
         51/RMUNOuyvTYP0YAuhRsINYvgofWmUVFIdVH4o0MnW97+EIO4aMQXHDZ9G0BzKwim4r
         a61hKY0cmFvJZn4Uibmv/E5YZzZDrMRo3zzHFe0rR7UIrCYnAYi/X5nUja8FYQNNQhOS
         DlzKsuhvUL82/OKbMlJYfWkz7kKZ3OaOEhqV+/V0biKYBH/+S3LG1eEgPf9nKGpoStYg
         /R1jtCBsf++JFkt9nNLmvTwsZEDQtdFI8ONws779obN1A93g3g6bEmBkk9cHR27qa/yE
         SnSQ==
X-Gm-Message-State: ALoCoQm7WKasCcXPN2xZvi5zWzyvg5TnCwrz/fe5YYtIwvrLJ5WhY7Rz2UP0t8uI2dzmm455ceVJ
X-Received: by 10.152.28.74 with SMTP id z10mr16425382lag.10.1411678986210;
 Thu, 25 Sep 2014 14:03:06 -0700 (PDT)
In-Reply-To: <20140925164614.GO20593@example.net>
Xref: news.gmane.org gmane.linux.lib.musl.general:6197
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/6197>

On Thu, Sep 25, 2014 at 5:46 PM,  <u-wsnj@aetey.se> wrote:
> On Thu, Sep 25, 2014 at 12:01:10PM -0400, Rich Felker wrote:
>>    to get the file ownership and mode and performs its own access
>>    permissions check in userspace. This is imprecise and does not
>>    respect ACLs or any other advanced permission models provided by
>
> Of course, that's plainly wrong.
>
>> So my conclusion? There are some moderate-level documentation errors.
>> glibc implements the flag, but not correctly. The changes I would
>> recommend to the documentation:
>>
>> 1. Document that AT_SYM_NOFOLLOW is not standard for this function,
>>    and is a glibc extension. (uclibc is just a copy of glibc code)
>>
>> 2. Document that AT_SYM_NOFOLLOW and AT_EACCESS are emulated and
>>    unreliable on glibc.
>>
>> 3. Document that the man page is covering the POSIX/glibc function
>>    details, and the kernel syscall does not support flags at all.
>>    (This might aid in getting the kernel folks to add a new faccessat4
>>    syscall that would do flags at the kernel level.)
>>
>> Do these sound reasonable?
>
> Yes (but I would look for a stronger wording than "unreliable" :)
>
>> Issue 2: Should musl support or ignore the AT_SYM_NOFOLLOW with
>> faccessat?
>
> [your analysis looks for my eyes correct]
>
> I would not bother implementing something which does not make sense
> (worse, would mislead the programmers, iow inflicting damage instead
> of doing any good).

Seems reasonable.

I note that Musl calls faccessat with the flag though, even though the
syscall appears to not be defined with the flag, so that should
probably be fixed, if I havent misread anything.

I don't think anyone will add faccessat4, given that the whole idea is
basically broken.

Justin