From: "Oleg Verych" <olecom@gmail.com>
To: "Oleg Verych" <olecom@gmail.com>,
"Matthew Wilcox" <matthew@wil.cx>,
linux-fsdevel@vger.kernel.org
Subject: Re: euidaccess() as syscall
Date: Fri, 2 May 2008 19:45:42 +0100 [thread overview]
Message-ID: <8499950a0805021145l6df18c1ew425a2398589ad7f7@mail.gmail.com> (raw)
In-Reply-To: <20080502173343.GB1240@shareable.org>
Jamie Lokier @ Fri, 2 May 2008 18:33:43 +0100:
> Oleg Verych wrote:
> > open() will change timestamp. `bash` and `dash` have very broken workarounds of
> > access() in `test` due to euid requirements. I.e. read-only fs for
> > root or various
> > selinux-like restrictions are not shown unless open() is used.
> >
> > So, it's better just to use stat64(), right?
>
> The whole point of access() originally seems to be so you can check
> the real-user permissions, as there is no reliable way to do that
> otherwise.
Reliable in kernel or in userspace applications? The only problem i
see in sys_faccessat() is "There is a race here against sys_capset",
and it relates to that access() have to change `cap_effective'.
Scripts of ordinary single-users or correct applications may have no
problems with this. Yet former have problems with simple checks.
> euidaccess() was added much later. As noted, you can use open()
> instead. This is one reason why open() shouldn't change the
> timestamps: only reading and writing should do that.
More correctly: open() with some flags *will* change timestamp, thus
generally it does.
Matthew Wilcox @ Fri, 2 May 2008 11:35:13 -0600:
[]
> But if the shell is interpreting code, I would bet that a couple of euid
> changes aren't going to make even a blip in the overall performance
> profile. If I'm wrong, please show me!
glibc is only libc (from dietlibc, uclibc, klibc) have at least something called
euiaccess() or eaccess().
That code checks for uids; in case if non set-uid, it calls access() which does
uid/caps shuffling. This wrapping and shuffling is not needed in euidaccess()
syscall. No?
And finally in set-uid case it calls stat64() with
> I don't think stat64 will tell you about selinux or rofs restrictions.
side-effect.
Thus, i conclude, that there's no way of doing check simply for ordinary
situations. It may have side-effects for (rare case for shell scripts) of
set-uid application.
Unneeded code path is there, but i'm not sure run overhead is
measurable. Inflexibility and bug reports are, however.
--
sed 'sed && sh + olecom = love' << ''
-o--=O`C
#oo'L O
<___=E M
next prev parent reply other threads:[~2008-05-02 18:45 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-02 16:59 euidaccess() as syscall Oleg Verych
2008-05-02 17:06 ` Matthew Wilcox
2008-05-02 17:13 ` Oleg Verych
2008-05-02 17:33 ` Jamie Lokier
2008-05-02 18:45 ` Oleg Verych [this message]
2008-05-05 19:21 ` code example (Re: euidaccess() as syscall) Oleg Verych
2008-05-02 17:35 ` euidaccess() as syscall Matthew Wilcox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8499950a0805021145l6df18c1ew425a2398589ad7f7@mail.gmail.com \
--to=olecom@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=matthew@wil.cx \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).