From: Rich Felker <dalias@libc.org>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: linux-api@vger.kernel.org,
Alexander Viro <viro@zeniv.linux.org.uk>,
Christoph Hellwig <hch@infradead.org>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/2] vfs: block chmod of symlinks
Date: Wed, 16 Sep 2020 11:36:19 -0400 [thread overview]
Message-ID: <20200916153618.GT3265@brightrain.aerifal.cx> (raw)
In-Reply-To: <20200916061815.GB142621@kroah.com>
On Wed, Sep 16, 2020 at 08:18:15AM +0200, Greg KH wrote:
> On Tue, Sep 15, 2020 at 08:22:54PM -0400, Rich Felker wrote:
> > It was discovered while implementing userspace emulation of fchmodat
> > AT_SYMLINK_NOFOLLOW (using O_PATH and procfs magic symlinks; otherwise
> > it's not possible to target symlinks with chmod operations) that some
> > filesystems erroneously allow access mode of symlinks to be changed,
> > but return failure with EOPNOTSUPP (see glibc issue #14578 and commit
> > a492b1e5ef). This inconsistency is non-conforming and wrong, and the
> > consensus seems to be that it was unintentional to allow link modes to
> > be changed in the first place.
> >
> > Signed-off-by: Rich Felker <dalias@libc.org>
> > ---
> > fs/open.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/fs/open.c b/fs/open.c
> > index 9af548fb841b..cdb7964aaa6e 100644
> > --- a/fs/open.c
> > +++ b/fs/open.c
> > @@ -570,6 +570,12 @@ int chmod_common(const struct path *path, umode_t mode)
> > struct iattr newattrs;
> > int error;
> >
> > + /* Block chmod from getting to fs layer. Ideally the fs would either
> > + * allow it or fail with EOPNOTSUPP, but some are buggy and return
> > + * an error but change the mode, which is non-conforming and wrong. */
> > + if (S_ISLNK(inode->i_mode))
> > + return -EOPNOTSUPP;
>
> I still fail to understand why these "buggy" filesystems can not be
> fixed. Why are you papering over a filesystem-specific-bug with this
Because that's what Christoph wanted, and it seems exposure of the
vector for applying chmod to symlinks was unintentional to begin with.
I have no preference how this is fixed as long as breakage is not
exposed to userspace via the new fchmodat2 syscall (since a broken
syscall would be worse than not having it at all).
> core kernel change that we will forever have to keep?
There's no fundamental reason it would have to be kept forever. The
contract remains "either it works and reports success, or it makes no
change and reports EOPNOTSUPP". It just can't do both.
Rich
next prev parent reply other threads:[~2020-09-16 17:20 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-16 0:22 [PATCH v2 0/2] changes for addding fchmodat2 syscall Rich Felker
2020-09-16 0:22 ` [PATCH v2 1/2] vfs: block chmod of symlinks Rich Felker
2020-09-16 6:18 ` Greg KH
2020-09-16 6:23 ` Christoph Hellwig
2020-09-16 15:36 ` Rich Felker [this message]
2020-09-16 6:25 ` Christoph Hellwig
2020-09-16 15:41 ` Rich Felker
2020-09-17 4:07 ` Al Viro
2020-09-17 4:15 ` Al Viro
2020-09-17 18:42 ` Rich Felker
2020-09-29 17:49 ` Christoph Hellwig
2020-09-16 0:23 ` [PATCH v2 2/2] vfs: add fchmodat2 syscall Rich Felker
2020-09-16 6:01 ` Aleksa Sarai
2020-09-16 6:19 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200916153618.GT3265@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).