From mboxrd@z Thu Jan 1 00:00:00 1970 From: Rich Felker Subject: Re: [PATCHv10 man-pages 5/5] execveat.2: initial man page for execveat(2) Date: Fri, 9 Jan 2015 17:17:28 -0500 Message-ID: <20150109221728.GW4574@brightrain.aerifal.cx> References: <1416830039-21952-6-git-send-email-drysdale@google.com> <54AFF813.7050604@gmail.com> <20150109161302.GQ4574@brightrain.aerifal.cx> <20150109204815.GR4574@brightrain.aerifal.cx> <20150109205626.GK22149@ZenIV.linux.org.uk> <20150109205926.GT4574@brightrain.aerifal.cx> <20150109210941.GL22149@ZenIV.linux.org.uk> <20150109212852.GU4574@brightrain.aerifal.cx> <20150109215042.GM22149@ZenIV.linux.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <20150109215042.GM22149@ZenIV.linux.org.uk> Sender: sparclinux-owner@vger.kernel.org To: Al Viro Cc: David Drysdale , "Michael Kerrisk (man-pages)" , "Eric W. Biederman" , Andy Lutomirski , Meredydd Luff , "linux-kernel@vger.kernel.org" , Andrew Morton , David Miller , Thomas Gleixner , Stephen Rothwell , Oleg Nesterov , Ingo Molnar , "H. Peter Anvin" , Kees Cook , Arnd Bergmann , Christoph Hellwig , X86 ML , linux-arch , Linux API , sparclinux@vger.kernel.org List-Id: linux-arch.vger.kernel.org On Fri, Jan 09, 2015 at 09:50:42PM +0000, Al Viro wrote: > On Fri, Jan 09, 2015 at 04:28:52PM -0500, Rich Felker wrote: > > > The "magic open-once magic symlink" approach is really the cleanest > > solution I can find. In the case where the interpreter does not open > > the script, nothing terribly bad happens; the magic symlink just > > sticks around until _exit or exec. In the case where the interpreter > > opens it more than once, you get a failure, but as far as I know > > existing interpreters don't do this, and it's arguably bad design. In > > any case it's a caught error. > > You know what's cleaner than that? git revert 27d6ec7ad > It has just been merged; until 3.19 it's fair game for removal. > > And yes, I should've NAKed the damn thing loud and clear, rather than > asking questions back then, getting no answers and letting it slip. > Mea culpa. > > Back then the procfs-free environments had been pushed as a serious argument > in favour of merging the damn thing. Now you guys turn around and say that > we not only need procfs mounted, we need a yet-to-be-added kludge in there > to cope with the actual intended uses. Reverting does not fix the problem. There is no way to make fexecve work for scripts without kernel support, and the needed kernel support without fexecve would be even nastier, since handling of /proc/self/fd magic-symlinks would need to be special-cased. The added fexecveat syscall supports fully /proc-less operation for non-scripts. Rich From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from 216-12-86-13.cv.mvl.ntelos.net ([216.12.86.13]:36299 "EHLO brightrain.aerifal.cx" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751951AbbAIWSR (ORCPT ); Fri, 9 Jan 2015 17:18:17 -0500 Date: Fri, 9 Jan 2015 17:17:28 -0500 From: Rich Felker Subject: Re: [PATCHv10 man-pages 5/5] execveat.2: initial man page for execveat(2) Message-ID: <20150109221728.GW4574@brightrain.aerifal.cx> References: <1416830039-21952-6-git-send-email-drysdale@google.com> <54AFF813.7050604@gmail.com> <20150109161302.GQ4574@brightrain.aerifal.cx> <20150109204815.GR4574@brightrain.aerifal.cx> <20150109205626.GK22149@ZenIV.linux.org.uk> <20150109205926.GT4574@brightrain.aerifal.cx> <20150109210941.GL22149@ZenIV.linux.org.uk> <20150109212852.GU4574@brightrain.aerifal.cx> <20150109215042.GM22149@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150109215042.GM22149@ZenIV.linux.org.uk> Sender: linux-arch-owner@vger.kernel.org List-ID: To: Al Viro Cc: David Drysdale , "Michael Kerrisk (man-pages)" , "Eric W. Biederman" , Andy Lutomirski , Meredydd Luff , "linux-kernel@vger.kernel.org" , Andrew Morton , David Miller , Thomas Gleixner , Stephen Rothwell , Oleg Nesterov , Ingo Molnar , "H. Peter Anvin" , Kees Cook , Arnd Bergmann , Christoph Hellwig , X86 ML , linux-arch , Linux API , sparclinux@vger.kernel.org Message-ID: <20150109221728.AAVN6rcogjLnA4qBi0U2ASrG_C0CkXV1L9370c9s5sY@z> On Fri, Jan 09, 2015 at 09:50:42PM +0000, Al Viro wrote: > On Fri, Jan 09, 2015 at 04:28:52PM -0500, Rich Felker wrote: > > > The "magic open-once magic symlink" approach is really the cleanest > > solution I can find. In the case where the interpreter does not open > > the script, nothing terribly bad happens; the magic symlink just > > sticks around until _exit or exec. In the case where the interpreter > > opens it more than once, you get a failure, but as far as I know > > existing interpreters don't do this, and it's arguably bad design. In > > any case it's a caught error. > > You know what's cleaner than that? git revert 27d6ec7ad > It has just been merged; until 3.19 it's fair game for removal. > > And yes, I should've NAKed the damn thing loud and clear, rather than > asking questions back then, getting no answers and letting it slip. > Mea culpa. > > Back then the procfs-free environments had been pushed as a serious argument > in favour of merging the damn thing. Now you guys turn around and say that > we not only need procfs mounted, we need a yet-to-be-added kludge in there > to cope with the actual intended uses. Reverting does not fix the problem. There is no way to make fexecve work for scripts without kernel support, and the needed kernel support without fexecve would be even nastier, since handling of /proc/self/fd magic-symlinks would need to be special-cased. The added fexecveat syscall supports fully /proc-less operation for non-scripts. Rich