| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200302151046.447zgo36dmfdr2ik@wittgenstein>
Date: Mon, 2 Mar 2020 16:10:46 +0100
From: Christian Brauner <christian.brauner@...ntu.com>
To: Florian Weimer <fweimer@...hat.com>
Cc: David Howells <dhowells@...hat.com>, linux-api@...r.kernel.org,
viro@...iv.linux.org.uk, metze@...ba.org,
torvalds@...ux-foundation.org, cyphar@...har.com,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Have RESOLVE_* flags superseded AT_* flags for new syscalls?
On Mon, Mar 02, 2020 at 01:05:04PM +0100, Christian Brauner wrote:
> On Mon, Mar 02, 2020 at 12:52:39PM +0100, Christian Brauner wrote:
> > On Mon, Mar 02, 2020 at 12:30:47PM +0100, Florian Weimer wrote:
> > > * Christian Brauner:
> > >
> > > > [Cc Florian since that ends up on libc's table sooner or later...]
> > >
> > > I'm not sure what you are after here …
> >
> > Exactly what you've commented below. Input on whether any of these
> > changes would be either problematic if you e.g. were to implement
> > openat() on top of openat2() in the future or if it would be problematic
> > if we e.g. were to really deprecate AT_* flags for new syscalls.
> >
> > >
> > > > On Fri, Feb 28, 2020 at 02:53:32PM +0000, David Howells wrote:
> > > >>
> > > >> I've been told that RESOLVE_* flags, which can be found in linux/openat2.h,
> > > >> should be used instead of the equivalent AT_* flags for new system calls. Is
> > > >> this the case?
> > > >
> > > > Imho, it would make sense to use RESOLVE_* flags for new system calls
> > > > and afair this was the original intention.
> > > > The alternative is that RESOLVE_* flags are special to openat2(). But
> > > > that seems strange, imho. The semantics openat2() has might be very
> > > > useful for new system calls as well which might also want to support
> > > > parts of AT_* flags (see fsinfo()). So we either end up adding new AT_*
> > > > flags mirroring the new RESOLVE_* flags or we end up adding new
> > > > RESOLVE_* flags mirroring parts of AT_* flags. And if that's a
> > > > possibility I vote for RESOLVE_* flags going forward. The have better
> > > > naming too imho.
> > > >
> > > > An argument against this could be that we might end up causing more
> > > > confusion for userspace due to yet another set of flags. But maybe this
> > > > isn't an issue as long as we restrict RESOLVE_* flags to new syscalls.
> > > > When we introduce a new syscall userspace will have to add support for
> > > > it anyway.
> > >
> > > I missed the start of the dicussion and what this is about, sorry.
> > >
> > > Regarding open flags, I think the key point for future APIs is to avoid
> > > using the set of flags for both control of the operation itself
> > > (O_NOFOLLOW/AT_SYMLINK_NOFOLLOW, O_NOCTTY) and properaties of the
> > > resulting descriptor (O_RDWR, O_SYNC). I expect that doing that would
>
> Yeah, we have touched on that already and we have other APIs having
> related problems. A clean way to avoid this problem is to require new
> syscalls to either have two flag arguments, or - if appropriate -
> suggest they make use of struct open_how that was implemented for
> openat2().
By the way, if we really means business wrt to: separate resolution from
fd-property falgs then shouldn't we either require O_NOFOLLOW for
openat2() be specified in open_how->resolve or disallow O_NOFOLLOW for
openat2() and introduce a new RESOLVE_* variant?
Christian
Powered by blists - more mailing lists