| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Mar 2020 13:05:03 +0100
From: Christian Brauner <christian.brauner@...ntu.com>
To: Florian Weimer <fweimer@...hat.com>
Cc: David Howells <dhowells@...hat.com>, linux-api@...r.kernel.org,
viro@...iv.linux.org.uk, metze@...ba.org,
torvalds@...ux-foundation.org, cyphar@...har.com,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Have RESOLVE_* flags superseded AT_* flags for new syscalls?
On Mon, Mar 02, 2020 at 12:52:39PM +0100, Christian Brauner wrote:
> On Mon, Mar 02, 2020 at 12:30:47PM +0100, Florian Weimer wrote:
> > * Christian Brauner:
> >
> > > [Cc Florian since that ends up on libc's table sooner or later...]
> >
> > I'm not sure what you are after here …
>
> Exactly what you've commented below. Input on whether any of these
> changes would be either problematic if you e.g. were to implement
> openat() on top of openat2() in the future or if it would be problematic
> if we e.g. were to really deprecate AT_* flags for new syscalls.
>
> >
> > > On Fri, Feb 28, 2020 at 02:53:32PM +0000, David Howells wrote:
> > >>
> > >> I've been told that RESOLVE_* flags, which can be found in linux/openat2.h,
> > >> should be used instead of the equivalent AT_* flags for new system calls. Is
> > >> this the case?
> > >
> > > Imho, it would make sense to use RESOLVE_* flags for new system calls
> > > and afair this was the original intention.
> > > The alternative is that RESOLVE_* flags are special to openat2(). But
> > > that seems strange, imho. The semantics openat2() has might be very
> > > useful for new system calls as well which might also want to support
> > > parts of AT_* flags (see fsinfo()). So we either end up adding new AT_*
> > > flags mirroring the new RESOLVE_* flags or we end up adding new
> > > RESOLVE_* flags mirroring parts of AT_* flags. And if that's a
> > > possibility I vote for RESOLVE_* flags going forward. The have better
> > > naming too imho.
> > >
> > > An argument against this could be that we might end up causing more
> > > confusion for userspace due to yet another set of flags. But maybe this
> > > isn't an issue as long as we restrict RESOLVE_* flags to new syscalls.
> > > When we introduce a new syscall userspace will have to add support for
> > > it anyway.
> >
> > I missed the start of the dicussion and what this is about, sorry.
> >
> > Regarding open flags, I think the key point for future APIs is to avoid
> > using the set of flags for both control of the operation itself
> > (O_NOFOLLOW/AT_SYMLINK_NOFOLLOW, O_NOCTTY) and properaties of the
> > resulting descriptor (O_RDWR, O_SYNC). I expect that doing that would
Yeah, we have touched on that already and we have other APIs having
related problems. A clean way to avoid this problem is to require new
syscalls to either have two flag arguments, or - if appropriate -
suggest they make use of struct open_how that was implemented for
openat2().
* @flags: O_* flags.
* @mode: O_CREAT/O_TMPFILE file mode.
* @resolve: RESOLVE_* flags.
*/
struct open_how {
__u64 flags;
__u64 mode;
__u64 resolve;
};
Powered by blists - more mailing lists