| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20081009212052.GS19428@kernel.dk> Date: Thu, 9 Oct 2008 23:20:53 +0200 From: Jens Axboe <jens.axboe@...cle.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Miklos Szeredi <miklos@...redi.hu>, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: splice vs O_APPEND On Thu, Oct 09 2008, Linus Torvalds wrote: > > > On Thu, 9 Oct 2008, Miklos Szeredi wrote: > > > > The thing is, the append-only attribute is absolutely useless without > > being able to depend on it. So in that sense I think the IS_APPEND > > issue is important, and I'm fine with your original proposal for that > > (except we don't need the IS_IMMUTABLE check). > > Heh. In the meantime, I had grown to hate that more complex patch. > > So because I do see your point with IS_APPEND (being different from > O_APPEND), but because I also think that O_APPEND itself is a gray and > murky area, I just committed the following. I doubt anybody will ever even > notice it, but while I think it's all debatable, we might as well debate > it with this in place. I do agree that it's "safer" behaviour. > > Linus > > --- > commit a05b4085484ac45558810e4c5928e5a291c20f65 > Author: Linus Torvalds <torvalds@...ux-foundation.org> > Date: Thu Oct 9 14:04:54 2008 -0700 > > Don't allow splice() to files opened with O_APPEND > > This is debatable, but while we're debating it, let's disallow the > combination of splice and an O_APPEND destination. > > It's not entirely clear what the semantics of O_APPEND should be, and > POSIX apparently expects pwrite() to ignore O_APPEND, for example. So > we could make up any semantics we want, including the old ones. > > But Miklos convinced me that we should at least give it some thought, > and that accepting writes at arbitrary offsets is wrong at least for > IS_APPEND() files (which always have O_APPEND set, even if the reverse > isn't true: you can obviously have O_APPEND set on a regular file). > > So disallow O_APPEND entirely for now. I doubt anybody cares, and this > way we have one less gray area to worry about. > > Reported-and-argued-for-by: Miklos Szeredi <miklos@...redi.hu> > Cc: Jens Axboe <ens.axboe@...cle.com> > Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org> A little late I see, but FWIW I agree. I doubt that anyone uses splice with O_APPEND anyways, so should be zero-impact on that account at least. > > diff --git a/fs/splice.c b/fs/splice.c > index 1bbc6f4..a1e701c 100644 > --- a/fs/splice.c > +++ b/fs/splice.c > @@ -898,6 +898,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, > if (unlikely(!(out->f_mode & FMODE_WRITE))) > return -EBADF; > > + if (unlikely(out->f_flags & O_APPEND)) > + return -EINVAL; > + > ret = rw_verify_area(WRITE, out, ppos, len); > if (unlikely(ret < 0)) > return ret; -- Jens Axboe -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists