Re: O_CREAT|O_DIRECTORY on nonexisting file with ext4 not posix-compliant

[NeilBrown <neilb@suse.de>]

[-- Attachment #1: Type: text/plain, Size: 2869 bytes --]

On Tue, 16 Dec 2014 10:42:30 +0000 Fiedler Roman <Roman.Fiedler@ait.ac.at>
wrote:

> > Von: NeilBrown [mailto:neilb@suse.de]
> >
> > On Mon, 15 Dec 2014 17:39:09 +0000 Fiedler Roman
> > <Roman.Fiedler@ait.ac.at>
> > wrote:
> >
> > > Hi,
> > >
> > > It seems that the open syscall is not POSIX-compliant when using both
> > > O_CREAT|O_DIRECTORY. This was discussed in [1] with a reference to the
> > POSIX
> > > documentation.
> >
> > Given that O_DIRECTORY is not part of POSIX, I don't think that
> > POSIX-compliance is an issue here.
> 
> That's strange. Shouldn't [1] be the current 2013 standard with O_DIRECTORY 
> for open on page 1380? If not, all clear. If yes, does Linux adhere to the 
> older version, e.g. 2008 instead?

I stand corrected.  It is mentioned in POSIX.1-2008.

> 
> > However the implementation does seem to differ from the Linux
> > documentation.
> >
> > I suggest you submit a patch to the manpages project to change
> >
> >   If  pathname  is  not a directory
> >
> > to
> >
> >   If  pathname exists and is  not a directory
> >
> > That should fix the problem.
> 
> When [1] is not the standard to be applied, we are done here. If yes, it could 
> be decided if the clarifications from [2] (link included in discussion [3] 
> from previous message) are already relevant.

My own perspective is that as O_DIRECTORY was first introduced in Linux, the
Linux implementation should be the gold standard.

Neither the Linux man page nor the Posix document are explicit about the
meaning of "O_DIRECTORY|O_CREAT", and both are explicit about the purpose
of O_DIRECTORY being to avoid races and specifically to avoid opening a FIFO
or device-special file - a purpose which carries no implications for
O_DIRECTORY|O_CREAT in the case where the name doesn't exist.

As the documents aren't explicit and the code is, I think the code should win.

It does seem from your second link that Posix may change to make Linux
non-conforming.  This seems totally backwards to me.  I thought Posix was
meant to describe existing practice, not impose upon existing implementations.

So I still think this is a documentation issue.

I guess your first statement stands;

  When [1] is not the standard to be applied, we are done here.

My understanding is that Linux follows Posix when it makes sense to do so
(which it often does).  It isn't clear that it does in this case.

NeilBrown

P.S.  Given that the intended semantics was clearly "Don't open a fifo or
special file', it would have been nice of the flag was O_NO_DEV_FIFO...
Hindsight gives 20/20 vision?


> 
> > [Snip]
> 
> 
> [1] http://cfajohnson.com/pdf/Portable_Operating_System_Interface-POSIX.pdf
> [2] http://austingroupbugs.net/view.php?id=847
> [3] http://www.openwall.com/lists/oss-security/2014/11/26/10


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 811 bytes --]