From: Rich Felker <dalias@aerifal.cx>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: David Drysdale <drysdale@google.com>,
	"Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Andy Lutomirski <luto@amacapital.net>,
	Meredydd Luff <meredydd@senatehouse.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	David Miller <davem@davemloft.net>,
	Thomas Gleixner <tglx@linutronix.de>,
	Stephen Rothwell <sfr@canb.auug.org.au>,
	Oleg Nesterov <oleg@redhat.com>, Ingo Molnar <mingo@redhat.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Kees Cook <keescook@chromium.org>, Arnd Bergmann <arnd@arndb.de>,
	Christoph Hellwig <hch@infradead.org>, X86 ML <x86@kernel.org>,
	linux-arch <linux-arch@vger.kernel.org>,
	Linux API <linux-api@vger.kernel.org>,
	sparclinux@vger.kernel.org
Subject: Re: [PATCHv10 man-pages 5/5] execveat.2: initial man page for execveat(2)
Date: Fri, 9 Jan 2015 18:12:48 -0500
Message-ID: <20150109231248.GZ4574@brightrain.aerifal.cx>
In-Reply-To: <20150109225743.GP22149@ZenIV.linux.org.uk>

On Fri, Jan 09, 2015 at 10:57:43PM +0000, Al Viro wrote:
> On Fri, Jan 09, 2015 at 05:42:52PM -0500, Rich Felker wrote:
> 
> > Here's a very simple way it could work -- it could put the O_PATH fd
> > on a previously-unused fd number, and put a special flag on the fd,
> > like FD_CLOEXEC, but that causes the kernel to close it whenever it's
> > opened. The pathname passed could then simply be /dev/fd/%d or
> > /proc/self/fd/%d, and although this is presently dependent on /proc
> > being mounted, virtual /dev/fd/* could someday be something completely
> > independent of procfs. The kernel keeps all the freedom to choose how
> > to pass the name to the interpreter. I'm not proposing any kernel
> > API/ABI lock-in and I'm with you in opposing such lock-in.
> 
> Huh?  open() on procfs symlinks does *NOT* work the way - the symlink is
> traversed and after that point there is no information whatsoever how we
> got to that vfsmount/dentry pair.  I can imagine several kludges that would
> work, but they are unspeakably ugly, and do_last() is already far too
> convoluted as it is.

I'm not sure where you're disagreeing with me. open of procfs symlinks
does not resolve the symlink and open the resulting pathname. They are
"magic symlinks" which are bound to the inode of the open file. I
don't see why this action, which is already special for magic
symlinks, can't check a flag on the magic symlink and possibly close
the corresponding file descriptor as part of its action.

In any case, whether/how fexecve works with interpreters is something
the kernel can change without breaking userspace expectations. My goal
is to avoid creating any new API/ABI requirement here.

Rich
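
The "magic symlink" behaviour discussed in this message can be observed from userspace. The following is an added example, not code from the thread or from the kernel: it assumes Linux with procfs mounted on /proc and a writable /tmp, and the function name and scratch file are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 if /proc/self/fd/N behaved as a magic symlink, a negative value
 * on setup failure, or a positive bitmask naming the check that failed. */
int magic_symlink_demo(void)
{
    char tmpl[] = "/tmp/magiclink-XXXXXX";  /* constructed scratch file */
    char link[64], text[4096], buf[8] = {0};
    struct stat orig, reopened;
    int rc = 0;

    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    /* Write, then remove the only name the file has. */
    if (write(fd, "payload", 7) != 7 || unlink(tmpl) != 0) { close(fd); return -2; }
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);

    /* readlink() yields descriptive text; opening that text as a path fails. */
    ssize_t n = readlink(link, text, sizeof text - 1);
    if (n < 0) { close(fd); return -3; }    /* procfs not mounted */
    text[n] = '\0';
    int by_text = open(text, O_RDONLY);
    if (by_text >= 0) { close(by_text); rc |= 1; }

    /* open() on the link itself reaches the inode behind fd. */
    int by_link = open(link, O_RDONLY);
    if (by_link < 0) { close(fd); return rc | 2; }
    if (fstat(fd, &orig) || fstat(by_link, &reopened) ||
        orig.st_dev != reopened.st_dev || orig.st_ino != reopened.st_ino)
        rc |= 4;
    /* It is a fresh open file description: offset 0, not fd's offset 7. */
    if (read(by_link, buf, 7) != 7 || memcmp(buf, "payload", 7) != 0)
        rc |= 8;

    close(by_link);
    close(fd);
    return rc;
}

int main(void)
{
    printf("magic_symlink_demo() = %d\n", magic_symlink_demo());
    return 0;
}
```

A return of 0 means the unlinked file was unreachable through the link's text but reachable through the link itself, with matching device and inode numbers.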
