From: Al Viro <viro-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
To: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
Cc: David Drysdale <drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Meredydd Luff <meredydd-zPN50pYk8eUaUu29zAJCuw@public.gmane.org>,
"linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>,
Ingo Molnar <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org>,
X86 ML <x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
linux-arch <linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCHv4 RESEND 0/3] syscalls,x86: Add execveat() system call
Date: Sun, 19 Oct 2014 22:29:21 +0100 [thread overview]
Message-ID: <20141019212921.GI7996@ZenIV.linux.org.uk> (raw)
In-Reply-To: <CALCETrVZUW2iPtfFJtGnWd2RsYLwjGRGYuujrVqcOsO5oBB8Cg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Sun, Oct 19, 2014 at 01:37:54PM -0700, Andy Lutomirski wrote:
> > The question I hadn't seen really answered through all of that was how to
> > deal with #!... "Just use d_path()" isn't particulary appealing - if that
> > file has a pathname reachable for you, you could bloody well use _that_
> > from the very beginning.
>
> Does this matter for absolute paths after #! (or for absolute paths to
> ELF interpreters)? Does anyone use relative paths there?
It's not about what's after #!; it's what we *append* to what's after #!
that is interesting. Recall how #! works - we turn execve() of something
that starts with e.g. "#!/usr/bin/make -f\n" into execve of /usr/bin/make,
with (/usr/bin/make, -f, name of that file, argv[1]..argv[argc]) as
arguments list. With make(1) doing opening and reading the file, as it
would for any makefile. Or /bin/sh opening and reading the script, etc.
Pathname of interpreter is a non-issue (and ELF ones don't go anywhere
near that path anyway).
> Does execve("/proc/self/fd/N", ...) not work correctly now?
Yes, it does. And if procfs is there, this syscall is completely pointless.
The main argument in favour of adding it to the kernel (rather than doing
in userland) has been "but what of the people who don't want procfs mounted
in there?".
> Presumably relative paths should be relative to the execed program, or
> maybe there should be a flag to execveat that disallows that behavior
> entirely, or maybe it should never work, even through /proc. I don't
> really like the idea that an fd pointing at a *file* should allow
> access to its directory.
Huh? What are you talking about? And who the hell cares whether it's
absolute or relative?
> I'm not convinced that these semantics are better than /proc/self/fd's
> in many contexts. I don't really like the idea that catting some file
> can *change* the position of one of my open file descriptors.
Er... You do realize that if descriptor refers to the same file,
cat <&<that descriptor> will change position of your other descriptor,
right? BTW, on *BSD /dev/stdin *does* have a dup()-style semantics.
They do it at the price of very convoluted code in their VFS, but that's
how it works there. And in Plan 9, and (AFAIK) in Solaris...
WARNING: multiple messages have this Message-ID (diff)
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Andy Lutomirski <luto@amacapital.net>
Cc: David Drysdale <drysdale@google.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Meredydd Luff <meredydd@senatehouse.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <keescook@chromium.org>, Arnd Bergmann <arnd@arndb.de>,
X86 ML <x86@kernel.org>, linux-arch <linux-arch@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCHv4 RESEND 0/3] syscalls,x86: Add execveat() system call
Date: Sun, 19 Oct 2014 22:29:21 +0100 [thread overview]
Message-ID: <20141019212921.GI7996@ZenIV.linux.org.uk> (raw)
Message-ID: <20141019212921.PZ-YXjsekeAoFjr19LdLEtJ53NFvkvWshY75tR9-yz0@z> (raw)
In-Reply-To: <CALCETrVZUW2iPtfFJtGnWd2RsYLwjGRGYuujrVqcOsO5oBB8Cg@mail.gmail.com>
On Sun, Oct 19, 2014 at 01:37:54PM -0700, Andy Lutomirski wrote:
> > The question I hadn't seen really answered through all of that was how to
> > deal with #!... "Just use d_path()" isn't particulary appealing - if that
> > file has a pathname reachable for you, you could bloody well use _that_
> > from the very beginning.
>
> Does this matter for absolute paths after #! (or for absolute paths to
> ELF interpreters)? Does anyone use relative paths there?
It's not about what's after #!; it's what we *append* to what's after #!
that is interesting. Recall how #! works - we turn execve() of something
that starts with e.g. "#!/usr/bin/make -f\n" into execve of /usr/bin/make,
with (/usr/bin/make, -f, name of that file, argv[1]..argv[argc]) as
arguments list. With make(1) doing opening and reading the file, as it
would for any makefile. Or /bin/sh opening and reading the script, etc.
Pathname of interpreter is a non-issue (and ELF ones don't go anywhere
near that path anyway).
> Does execve("/proc/self/fd/N", ...) not work correctly now?
Yes, it does. And if procfs is there, this syscall is completely pointless.
The main argument in favour of adding it to the kernel (rather than doing
in userland) has been "but what of the people who don't want procfs mounted
in there?".
> Presumably relative paths should be relative to the execed program, or
> maybe there should be a flag to execveat that disallows that behavior
> entirely, or maybe it should never work, even through /proc. I don't
> really like the idea that an fd pointing at a *file* should allow
> access to its directory.
Huh? What are you talking about? And who the hell cares whether it's
absolute or relative?
> I'm not convinced that these semantics are better than /proc/self/fd's
> in many contexts. I don't really like the idea that catting some file
> can *change* the position of one of my open file descriptors.
Er... You do realize that if descriptor refers to the same file,
cat <&<that descriptor> will change position of your other descriptor,
right? BTW, on *BSD /dev/stdin *does* have a dup()-style semantics.
They do it at the price of very convoluted code in their VFS, but that's
how it works there. And in Plan 9, and (AFAIK) in Solaris...
next prev parent reply other threads:[~2014-10-19 21:29 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-05 13:40 [PATCHv4 RESEND 0/3] syscalls,x86: Add execveat() system call David Drysdale
2014-06-05 13:40 ` David Drysdale
2014-06-05 13:40 ` [PATCHv4 RESEND 1/3] syscalls,x86: implement " David Drysdale
[not found] ` <1401975635-6162-2-git-send-email-drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-06-23 18:39 ` Kees Cook
2014-06-23 18:39 ` Kees Cook
2014-06-05 13:40 ` [PATCHv4 RESEND 2/3] syscalls,x86: add selftest for execveat(2) David Drysdale
2014-06-05 13:40 ` David Drysdale
2014-06-05 13:40 ` [PATCHv4 RESEND man-pages 3/3] execveat.2: initial man page " David Drysdale
2014-06-05 13:40 ` David Drysdale
2014-06-05 17:14 ` [PATCHv4 RESEND 0/3] syscalls,x86: Add execveat() system call Kees Cook
[not found] ` <1401975635-6162-1-git-send-email-drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-10-17 21:45 ` Andy Lutomirski
2014-10-17 21:45 ` Andy Lutomirski
2014-10-19 0:20 ` Eric W. Biederman
2014-10-19 0:20 ` Eric W. Biederman
2014-10-19 19:11 ` Andy Lutomirski
[not found] ` <87zjcszz8y.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-10-20 13:48 ` David Drysdale
2014-10-20 13:48 ` David Drysdale
[not found] ` <CAHse=S-Xyk7CFn=tAGzo+tuUFt+04aBw+mGQmi=kWAaBJGALBw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-20 22:48 ` Andy Lutomirski
2014-10-20 22:48 ` Andy Lutomirski
[not found] ` <CALCETrXBjLZTWVJfcsE4NA-JP9zSSgn=6ND0=cZ9BTy=CoN7pA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-21 4:29 ` Eric W. Biederman
2014-10-21 4:29 ` Eric W. Biederman
[not found] ` <87ioje2ggq.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-10-22 11:08 ` David Drysdale
2014-10-22 11:08 ` David Drysdale
2014-10-22 17:40 ` Eric W. Biederman
2014-10-27 18:01 ` David Drysdale
2014-10-27 18:01 ` David Drysdale
2014-10-19 20:20 ` Al Viro
[not found] ` <20141019202034.GH7996-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2014-10-19 20:37 ` Andy Lutomirski
2014-10-19 20:37 ` Andy Lutomirski
[not found] ` <CALCETrVZUW2iPtfFJtGnWd2RsYLwjGRGYuujrVqcOsO5oBB8Cg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-19 21:29 ` Al Viro [this message]
2014-10-19 21:29 ` Al Viro
[not found] ` <20141019212921.GI7996-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2014-10-19 22:16 ` Andy Lutomirski
2014-10-19 22:16 ` Andy Lutomirski
2014-10-19 22:42 ` Al Viro
2014-10-19 23:35 ` Andy Lutomirski
2014-10-19 23:35 ` Andy Lutomirski
2014-10-25 21:22 ` Pavel Machek
2014-10-19 20:53 ` H. Peter Anvin
2014-10-19 20:53 ` H. Peter Anvin
2014-10-22 11:54 ` Christoph Hellwig
2014-10-22 11:54 ` Christoph Hellwig
2014-10-22 11:54 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141019212921.GI7996@ZenIV.linux.org.uk \
--to=viro-3bdd1+5odreifsdqtta3olvcufugdwfn@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=arnd-r2nGTMty4D4@public.gmane.org \
--cc=drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=meredydd-zPN50pYk8eUaUu29zAJCuw@public.gmane.org \
--cc=mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org \
--cc=x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).