From: Ameer Hamza <>
To: Christian Brauner <>
Subject: Re: [PATCH] Add new open(2) flag - O_EMPTY_PATH
Date: Wed, 19 Apr 2023 06:15:29 +0500
Message-ID: <ZD9AsWMnNKJ4dpjm@hamza-pc>
In-Reply-To: <20230106130651.vxz7pjtu5gvchdgt@wittgenstein>

On Fri, Jan 06, 2023 at 02:06:51PM +0100, Christian Brauner wrote:
> On Wed, Dec 28, 2022 at 09:02:49PM +0500, Ameer Hamza wrote:
> > This patch adds a new flag O_EMPTY_PATH that allows openat and open
> > system calls to open a file referenced by fd if the path is empty,
> > and it is very similar to the FreeBSD O_EMPTY_PATH flag. This can be
> > beneficial in some cases since it would avoid having to grant /proc
> > access to things like samba containers for reopening files to change
> > flags in a race-free way.
> > 
> > Signed-off-by: Ameer Hamza <>
> > ---
>
> In general this isn't a bad idea and Aleksa and I proposed this as part
> of the openat2() patchset (see [1]).
>
> However, the reason we didn't do this right away was that we concluded
> that it shouldn't be simply adding a flag. Reopening file descriptors
> through procfs is indeed very useful and is often required. But it's
> also been an endless source of subtle bugs and security holes as it
> allows reopening file descriptors with more permissions than the
> original file descriptor had.
>
> The same lax behavior should not be encoded into O_EMPTYPATH. Ideally we
> would teach O_EMPTYPATH to adhere to magic link modes by default. This
> would be tied to the idea of upgrade mask in openat2() (cf. [2]). They
> allow a caller to specify the permissions that a file descriptor may be
> reopened with at the time the fd is opened.
>
> [1]:
> [2]:

Thank you for the detailed explanation and sorry for getting back to it
late. It seems like a prerequisite for O_EMPTYPATH is to make it safe
and that depends on a patchset that Aleksa was working on. It would be
helpful to know the current status of that effort and if we could expect
it in the near future.

The repo[1] that was mentioned here[2] seems to be private. I am wondering
if there's a way to look at the patch somehow.
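
The procfs reopen behaviour raised in the quoted review (a reopen yielding more access than the original descriptor had) can be observed with the following added example. It is not code from this thread or from the patch; the scratch path and function names are assumptions chosen for illustration, and it needs a Linux system with /proc mounted.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Reopen fd through its procfs magic link with new flags.
 * Returns the new descriptor, or -1 if the kernel refused. */
static int reopen_via_procfs(int fd, int flags)
{
    char link[64];
    snprintf(link, sizeof(link), "/proc/self/fd/%d", fd);
    return open(link, flags);
}

/* Returns 1 if an O_RDONLY descriptor could be reopened O_RDWR,
 * 0 if the reopen was refused, -1 on setup failure. */
int readonly_fd_is_upgradable(void)
{
    char path[] = "/tmp/reopen-demo-XXXXXX"; /* constructed scratch file */
    int tmp = mkstemp(path);                 /* owner-writable, mode 0600 */
    if (tmp < 0)
        return -1;
    close(tmp);

    int ro = open(path, O_RDONLY);
    if (ro < 0) { unlink(path); return -1; }

    int result = 0;
    if (write(ro, "x", 1) != -1)             /* must fail: fd is read-only */
        result = -1;

    /* The reopen is checked against the inode's permissions, not
     * against the access mode the original descriptor was opened with. */
    int rw = reopen_via_procfs(ro, O_RDWR);
    if (rw >= 0 && result == 0) {
        int mode = fcntl(rw, F_GETFL) & O_ACCMODE;
        if (mode == O_RDWR && write(rw, "x", 1) == 1)
            result = 1;
    }
    if (rw >= 0) close(rw);
    close(ro);
    unlink(path);
    return result;
}

int main(void)
{
    printf("upgradable: %d\n", readonly_fd_is_upgradable());
    return 0;
}
```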

