From: Christoph Hellwig <hch-jcswGhMUV9g@public.gmane.org>
To: Rich Felker <dalias-/miJ2pyFWUyWIDz0JBNUog@public.gmane.org>
Cc: linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"Joseph S. Myers"
<joseph-qD8j1LwMmJjtCj0u4l0SBw@public.gmane.org>,
libc-alpha-9JcytcrH/bA+uJoB2kUjGw@public.gmane.org
Subject: Re: Request for comments: reserving a value for O_SEARCH and O_EXEC
Date: Tue, 6 Aug 2013 16:51:59 +0200 [thread overview]
Message-ID: <20130806145159.GA8192@lst.de> (raw)
In-Reply-To: <20130806143609.GV221-C3MtFaGISjmo6RMmaWD+6Sb1p8zYI1N1@public.gmane.org>
On Tue, Aug 06, 2013 at 10:36:10AM -0400, Rich Felker wrote:
> This is frustrating because early on in the O_PATH discussions on LKML
> when it was first added, there were requests for O_SEARCH and O_EXEC
> semantics in the kernel, and these requests were rejected with the
> response being roughly "you can do it in userspace using the more
> general O_PATH approach". So we have two contradictory conditions:
>
> - O_SEARCH/O_EXEC semantics won't be added in the kernel because you
> can do it in userspace with O_PATH.
>
> - O_SEARCH/O_EXEC can't be added in userspace because they can't be
> assigned a value without having an implementation in kernelspace.
>
> If there's a willingness to override/drop that previous decision
> (which I believe Linus was in on, but I'd have to search for the old
> threads again)
Yes, Linus has complained about it. Probably rightly so because the
O_EXEC and O_SEARCH semantics don't seem overly useful.
> then I can propose a patch. As far as I can tell, the
> simplest implementation would be to follow the O_PATH code path but
> include a check for this new mode and fail at the point of opening a
> symlink where O_NOFOLLOW is processed. I am not sufficiently familiar
> with this code to write the patch yet, but I can try to learn it. My
> guess is that the patch would be less than 20 lines, half of it being
> a change for the top-level O_PATH logic in openat that strips other
> flags when O_PATH is present and half of it being
<text missing here>
Besides the symlink semantics I think we should really get a narrow
implementation of it, that is really forbid everything but executing
it (if S_IREG()) or performing openat on it (if S_ISDIR).
For that we'd also want to move fexec(ve) into the kernel space.
> If I do this, do you have a recommendation on the value to use? My
> guess for the best choice would be O_PATH|3, so that O_PATH, O_SEARCH,
> O_EXEC, O_RDONLY, O_WRONLY, and O_RDWR can all fall under O_ACCMODE
> without adding more than one bit to O_ACCMODE. If we do it this way,
> the patch should also make it so the extra bits (bits 0 and 1) set at
> open time should be preserved when fcntl(F_GETFL) is called so that
> the application correctly sees the access mode it requested.
Note that "3" aready has a magic meaning on Linux:
"Linux reserves the special, nonstandard access mode 3 (binary 11) in flags
to mean: check for read and write permission on the file and return a
descriptor that can't be used for reading or writing. This nonstandard
access mode is used by some Linux drivers to return a descriptor that
is to be used only for device-specific ioctl(2) operations."
Given that it's limited to device nodes and a somewhat similar limitation
to O_SEARCH and O_EXEC it doesn't sound too bad.
next prev parent reply other threads:[~2013-08-06 14:51 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-05 22:25 Request for comments: reserving a value for O_SEARCH and O_EXEC Rich Felker
2013-08-06 5:54 ` Christoph Hellwig
[not found] ` <20130806055425.GA9280-jcswGhMUV9g@public.gmane.org>
2013-08-06 13:42 ` Rich Felker
2013-08-06 14:03 ` Christoph Hellwig
[not found] ` <20130806140321.GA4421-jcswGhMUV9g@public.gmane.org>
2013-08-06 14:36 ` Rich Felker
[not found] ` <20130806143609.GV221-C3MtFaGISjmo6RMmaWD+6Sb1p8zYI1N1@public.gmane.org>
2013-08-06 14:51 ` Christoph Hellwig [this message]
[not found] ` <20130806145159.GA8192-jcswGhMUV9g@public.gmane.org>
2013-08-06 15:23 ` Rich Felker
[not found] ` <20130806152316.GW221-C3MtFaGISjmo6RMmaWD+6Sb1p8zYI1N1@public.gmane.org>
2013-08-06 15:53 ` Joseph S. Myers
2013-08-06 15:54 ` Christoph Hellwig
[not found] ` <20130806155415.GA12926-jcswGhMUV9g@public.gmane.org>
2013-08-06 16:30 ` Rich Felker
-- strict thread matches above, loose matches on Subject: below --
2013-08-03 2:48 Rich Felker
[not found] ` <20130803024808.GA26932-C3MtFaGISjmo6RMmaWD+6Sb1p8zYI1N1@public.gmane.org>
2013-08-12 17:42 ` Andy Lutomirski
2013-08-12 17:42 ` Andy Lutomirski
[not found] ` <52091E6B.10800-3s7WtUTddSA@public.gmane.org>
2013-08-13 3:22 ` Rich Felker
2013-08-13 3:22 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130806145159.GA8192@lst.de \
--to=hch-jcswghmuv9g@public.gmane.org \
--cc=dalias-/miJ2pyFWUyWIDz0JBNUog@public.gmane.org \
--cc=joseph-qD8j1LwMmJjtCj0u4l0SBw@public.gmane.org \
--cc=libc-alpha-9JcytcrH/bA+uJoB2kUjGw@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.