lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200306135632.j7kidnqm3edji6cz@wittgenstein>
Date:   Fri, 6 Mar 2020 14:56:32 +0100
From:   Christian Brauner <christian.brauner@...ntu.com>
To:     David Howells <dhowells@...hat.com>
Cc:     linux-api@...r.kernel.org, viro@...iv.linux.org.uk,
        torvalds@...ux-foundation.org, metze@...ba.org, cyphar@...har.com,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC][PATCH] Mark AT_* path flags as deprecated and add missing
 RESOLVE_ flags

On Thu, Mar 05, 2020 at 05:43:33PM +0000, David Howells wrote:
> Do we want to do this?  Or should we duplicate the RESOLVE_* flags to AT_*
> flags so that existing *at() syscalls can make use of them?
> 
> David
> ---
> commit 448731bf3b29f2b1f7c969d7efe1f0673ae13b5e
> Author: David Howells <dhowells@...hat.com>
> Date:   Thu Mar 5 17:40:02 2020 +0000
> 
>     Mark AT_* flags as deprecated and add missing RESOLVE_ flags
>     
>     It has been suggested that new path-using system calls should use RESOLVE_*
>     flags instead of AT_* flags, but the RESOLVE_* flag functions are not a
>     superset of the AT_* flag functions.  So formalise this by:
>     
>      (1) In linux/fcntl.h, add a comment noting that the AT_* flags are
>          deprecated for new system calls and that RESOLVE_* flags should be
>          used instead.
>     
>      (2) Add some missing flags:
>     
>             RESOLVE_NO_TERMINAL_SYMLINKS    for AT_SYMLINK_NOFOLLOW
>             RESOLVE_NO_TERMINAL_AUTOMOUNTS  for AT_NO_AUTOMOUNT
>             RESOLVE_EMPTY_PATH              for AT_EMPTY_PATH
>     
>      (3) Make openat2() support RESOLVE_NO_TERMINAL_SYMLINKS.  LOOKUP_OPEN
>          internally implies LOOKUP_AUTOMOUNT, and AT_EMPTY_PATH is probably not
>          worth supporting (maybe use dup2() instead?).
>     
>     Reported-by: Stefan Metzmacher <metze@...ba.org>
>     Signed-off-by: David Howells <dhowells@...hat.com>
>     cc: Aleksa Sarai <cyphar@...har.com>
> 
> diff --git a/fs/open.c b/fs/open.c
> index 0788b3715731..6946ad09b42b 100644
> --- a/fs/open.c
> +++ b/fs/open.c
> @@ -977,7 +977,7 @@ inline struct open_how build_open_how(int flags, umode_t mode)
>  inline int build_open_flags(const struct open_how *how, struct open_flags *op)
>  {
>  	int flags = how->flags;
> -	int lookup_flags = 0;
> +	int lookup_flags = LOOKUP_FOLLOW | LOOKUP_AUTOMOUNT;
>  	int acc_mode = ACC_MODE(flags);
>  
>  	/* Must never be set by userspace */
> @@ -1055,8 +1055,8 @@ inline int build_open_flags(const struct open_how *how, struct open_flags *op)
>  
>  	if (flags & O_DIRECTORY)
>  		lookup_flags |= LOOKUP_DIRECTORY;
> -	if (!(flags & O_NOFOLLOW))
> -		lookup_flags |= LOOKUP_FOLLOW;
> +	if (flags & O_NOFOLLOW)
> +		lookup_flags &= ~LOOKUP_FOLLOW;

Odd change. But I guess you're doing it for the sake of consistency
because of how you treat NO_TERMINAL_SYMLINKS below.

>  
>  	if (how->resolve & RESOLVE_NO_XDEV)
>  		lookup_flags |= LOOKUP_NO_XDEV;
> @@ -1068,6 +1068,8 @@ inline int build_open_flags(const struct open_how *how, struct open_flags *op)
>  		lookup_flags |= LOOKUP_BENEATH;
>  	if (how->resolve & RESOLVE_IN_ROOT)
>  		lookup_flags |= LOOKUP_IN_ROOT;
> +	if (how->resolve & RESOLVE_NO_TERMINAL_SYMLINKS)
> +		lookup_flags &= ~LOOKUP_FOLLOW;
>  
>  	op->lookup_flags = lookup_flags;
>  	return 0;
> diff --git a/include/linux/fcntl.h b/include/linux/fcntl.h
> index 7bcdcf4f6ab2..fd6ee34cce0f 100644
> --- a/include/linux/fcntl.h
> +++ b/include/linux/fcntl.h
> @@ -19,7 +19,8 @@
>  /* List of all valid flags for the how->resolve argument: */
>  #define VALID_RESOLVE_FLAGS \
>  	(RESOLVE_NO_XDEV | RESOLVE_NO_MAGICLINKS | RESOLVE_NO_SYMLINKS | \
> -	 RESOLVE_BENEATH | RESOLVE_IN_ROOT)
> +	 RESOLVE_BENEATH | RESOLVE_IN_ROOT | RESOLVE_NO_TERMINAL_SYMLINKS | \
> +	 RESOLVE_NO_TERMINAL_AUTOMOUNTS | RESOLVE_EMPTY_PATH)
>  
>  /* List of all open_how "versions". */
>  #define OPEN_HOW_SIZE_VER0	24 /* sizeof first published struct */
> diff --git a/include/uapi/linux/fcntl.h b/include/uapi/linux/fcntl.h
> index ca88b7bce553..9f5432dbd213 100644
> --- a/include/uapi/linux/fcntl.h
> +++ b/include/uapi/linux/fcntl.h
> @@ -84,9 +84,20 @@
>  #define DN_ATTRIB	0x00000020	/* File changed attibutes */
>  #define DN_MULTISHOT	0x80000000	/* Don't remove notifier */
>  
> -#define AT_FDCWD		-100    /* Special value used to indicate
> -                                           openat should use the current
> -                                           working directory. */
> +
> +/*
> + * Special dfd/dirfd file descriptor value used to indicate that *at() system
> + * calls should use the current working directory for relative paths.
> + */
> +#define AT_FDCWD		-100
> +
> +/*
> + * Pathwalk control flags, used for the *at() syscalls.  These should be
> + * considered deprecated and should not be used for new system calls.  The
> + * RESOLVE_* flags in <linux/openat2.h> should be used instead.

Agreed.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ