Linux-Fsdevel Archive on lore.kernel.org
 help / color / Atom feed
From: Paul Eggert <eggert@cs.ucla.edu>
To: Florian Weimer <fw@deneb.enyo.de>, Al Viro <viro@zeniv.linux.org.uk>
Cc: "Darrick J. Wong" <darrick.wong@oracle.com>,
	Christoph Hellwig <hch@infradead.org>,
	linux-xfs@vger.kernel.org, libc-alpha@sourceware.org,
	linux-fsdevel@vger.kernel.org, Rich Felker <dalias@libc.org>,
	Gnulib bugs <bug-gnulib@gnu.org>
Subject: Re: XFS reports lchmod failure, but changes file system contents
Date: Wed, 12 Feb 2020 12:38:11 -0800
Message-ID: <33a0e120-14d7-7d9a-2e00-2fb7e1db99f7@cs.ucla.edu> (raw)
In-Reply-To: <87wo8rlgml.fsf@mid.deneb.enyo.de>

On 2/12/20 12:01 PM, Florian Weimer wrote:
> I assumed that an O_PATH descriptor was not intending to
> confer that capability.

I originally assumed the other way, as I don't see any security reason 
why fchmod should not work on O_PATH-opened descriptors. I see that the 
Linux man page says open+O_PATH doesn't work with fchmod, but that's 
just a bug in the spec.

In Android, the bionic C library has worked around this problem since 
2015 by wrapping fchmod so that it works even when the fd was 
O_PATH-opened. Bionic then uses O_PATH + fchmod to work around the 
fchmodat+AT_SYMLINK_NOFOLLOW problem[1]. glibc (and Gnulib, etc.) could 
do the same. It's the most sane way out of this mess.

[1] 
https://android.googlesource.com/platform/bionic/+/3cbc6c627fe57c9a9783c52d148078f8d52f7b96

  parent reply index

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-12 11:48 Florian Weimer
2020-02-12 12:15 ` Florian Weimer
2020-02-12 16:16 ` Darrick J. Wong
2020-02-12 18:11   ` Christoph Hellwig
2020-02-12 18:37     ` Darrick J. Wong
2020-02-12 19:15       ` Florian Weimer
2020-02-12 19:51         ` Al Viro
2020-02-12 19:55           ` Rich Felker
2020-02-12 20:01           ` Florian Weimer
2020-02-12 20:17             ` Andreas Schwab
2020-02-12 20:19               ` Rich Felker
2020-02-12 20:26                 ` Florian Weimer
2020-02-12 20:38                   ` Rich Felker
2020-02-12 20:27                 ` Al Viro
2020-02-12 20:36                   ` Rich Felker
2020-02-12 20:18             ` Rich Felker
2020-02-12 20:38             ` Paul Eggert [this message]
2020-02-21  4:09             ` Aleksa Sarai
2020-02-21  5:02               ` Al Viro
2020-02-21  5:21                 ` Aleksa Sarai
2020-02-12 18:50     ` Florian Weimer
2020-02-12 18:55       ` Christoph Hellwig

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=33a0e120-14d7-7d9a-2e00-2fb7e1db99f7@cs.ucla.edu \
    --to=eggert@cs.ucla.edu \
    --cc=bug-gnulib@gnu.org \
    --cc=dalias@libc.org \
    --cc=darrick.wong@oracle.com \
    --cc=fw@deneb.enyo.de \
    --cc=hch@infradead.org \
    --cc=libc-alpha@sourceware.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-xfs@vger.kernel.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Fsdevel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-fsdevel/0 linux-fsdevel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-fsdevel linux-fsdevel/ https://lore.kernel.org/linux-fsdevel \
		linux-fsdevel@vger.kernel.org
	public-inbox-index linux-fsdevel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-fsdevel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git