The kernel currently handles open() calls with flags having at least O_DIRECTORY|O_CREAT set strangely (to say the least). It creates a regular file, completely ignoring the O_DIRECTORY bit. One can argue that open() does not perform any real checking on the parameters and that it is the programmer's responsibility, but there is a twist.

Some programs create a temporary directory which they afterward use as the working directory or changed root. I.e., we have code like this:

    mkdir ("/some/dirRANDOM");
    chdir ("/some/dirRANDOM");

or

    mkdir ("/some/dirRANDOM");
    fd = open ("/some/dirRANDOM", O_DIRECTORY);
    fchdir (fd);

or

    mkdir ("/some/dirRANDOM");
    chroot ("/some/dirRANDOM");

All these pieces of code have an obvious flaw, a race. There is no atomic way to do what we want.

Now combine these two problems. How about making this work?

    fd = open ("/some/dirRANDOM", O_RDONLY|O_CREAT|O_DIRECTORY|O_EXCL, 0700);
    fchdir (fd);

(and similarly for a new interface fchroot which I can add to glibc).

I've attached a little patch which does just that. Some comments on the code:

~ if an existing directory is opened with O_RDWR open() returns -EISDIR. I've mimicked this, although the error code might not be the most obvious.

~ O_TRUNC is not allowed.

The small attached patch implements this proposal. At least it does what I want it to do, no idea what bugs I introduce.

--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
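
A userspace approximation for kernels without the proposed flag combination, as an added example that is not part of the original message or its attached patch: after mkdir() the directory is opened with O_DIRECTORY|O_NOFOLLOW and checked with fstat() on the descriptor, so a symlink or another user's directory swapped in between the two calls is rejected rather than entered. The helper names and the default path are hypothetical, the ownership and mode checks assume the directory is meant to be private to the caller, and the sequence detects a substitution but does not make creation and opening atomic.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: accept path only if it is a real directory (not a
 * symlink), owned by us, with no group/other access. Returns fd or -1. */
int open_private_dir(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() inspects the object we actually opened, not the path. */
    if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode) &&
        st.st_uid == geteuid() && (st.st_mode & 077) == 0)
        return fd;
    close(fd);
    errno = EPERM;
    return -1;
}

/* Hypothetical helper: create path with mode 0700 and make it the working
 * directory through the checked descriptor. Returns the fd or -1. */
int create_and_enter(const char *path)
{
    if (mkdir(path, 0700) < 0)       /* EEXIST if anything is already there */
        return -1;
    int fd = open_private_dir(path); /* path may have been swapped since mkdir */
    if (fd < 0)
        return -1;
    if (fchdir(fd) < 0) {            /* enter via the fd, never via the path */
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/tmp/example-workdir"; /* constructed */
    int fd = create_and_enter(path);
    if (fd < 0) { perror(path); return 1; }
    printf("working directory is now %s (fd %d)\n", path, fd);
    return 0;
}
```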