From: Paul Eggert <eggert@cs.ucla.edu>
To: Florian Weimer <fw@deneb.enyo.de>, Al Viro <viro@zeniv.linux.org.uk>
Cc: "Darrick J. Wong" <darrick.wong@oracle.com>,
Christoph Hellwig <hch@infradead.org>,
linux-xfs@vger.kernel.org, libc-alpha@sourceware.org,
linux-fsdevel@vger.kernel.org, Rich Felker <dalias@libc.org>,
Gnulib bugs <bug-gnulib@gnu.org>
Subject: Re: XFS reports lchmod failure, but changes file system contents
Date: Wed, 12 Feb 2020 12:38:11 -0800 [thread overview]
Message-ID: <33a0e120-14d7-7d9a-2e00-2fb7e1db99f7@cs.ucla.edu> (raw)
In-Reply-To: <87wo8rlgml.fsf@mid.deneb.enyo.de>
On 2/12/20 12:01 PM, Florian Weimer wrote:
> I assumed that an O_PATH descriptor was not intending to
> confer that capability.
I originally assumed the other way, as I don't see any security reason
why fchmod should not work on O_PATH-opened descriptors. I see that the
Linux man page says open+O_PATH doesn't work with fchmod, but that's
just a bug in the spec.
In Android, the bionic C library has worked around this problem since
2015 by wrapping fchmod so that it works even when the fd was
O_PATH-opened. Bionic then uses O_PATH + fchmod to work around the
fchmodat+AT_SYMLINK_NOFOLLOW problem[1]. glibc (and Gnulib, etc.) could
do the same. It's the most sane way out of this mess.
[1]
https://android.googlesource.com/platform/bionic/+/3cbc6c627fe57c9a9783c52d148078f8d52f7b96
next prev parent reply other threads:[~2020-02-12 20:44 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-12 11:48 XFS reports lchmod failure, but changes file system contents Florian Weimer
2020-02-12 12:15 ` Florian Weimer
2020-02-12 16:16 ` Darrick J. Wong
2020-02-12 18:11 ` Christoph Hellwig
2020-02-12 18:37 ` Darrick J. Wong
2020-02-12 19:15 ` Florian Weimer
2020-02-12 19:51 ` Al Viro
2020-02-12 19:55 ` Rich Felker
2020-02-12 20:01 ` Florian Weimer
2020-02-12 20:17 ` Andreas Schwab
2020-02-12 20:19 ` Rich Felker
2020-02-12 20:26 ` Florian Weimer
2020-02-12 20:38 ` Rich Felker
2020-02-12 20:27 ` Al Viro
2020-02-12 20:36 ` Rich Felker
2020-02-12 20:18 ` Rich Felker
2020-02-12 20:38 ` Paul Eggert [this message]
2020-02-21 4:09 ` Aleksa Sarai
2020-02-21 5:02 ` Al Viro
2020-02-21 5:21 ` Aleksa Sarai
2020-02-12 18:50 ` Florian Weimer
2020-02-12 18:55 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=33a0e120-14d7-7d9a-2e00-2fb7e1db99f7@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=bug-gnulib@gnu.org \
--cc=dalias@libc.org \
--cc=darrick.wong@oracle.com \
--cc=fw@deneb.enyo.de \
--cc=hch@infradead.org \
--cc=libc-alpha@sourceware.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).