From: Ameer Hamza <ahamza@ixsystems.com>
To: Christian Brauner <brauner@kernel.org>
Cc: viro@zeniv.linux.org.uk, jlayton@kernel.org,
chuck.lever@oracle.com, arnd@arndb.de, guoren@kernel.org,
palmer@rivosinc.com, f.fainelli@gmail.com, slark_xiao@163.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arch@vger.kernel.org, awalker@ixsystems.com
Subject: Re: [PATCH] Add new open(2) flag - O_EMPTY_PATH
Date: Wed, 19 Apr 2023 06:15:29 +0500
Message-ID: <ZD9AsWMnNKJ4dpjm@hamza-pc>
In-Reply-To: <20230106130651.vxz7pjtu5gvchdgt@wittgenstein>

On Fri, Jan 06, 2023 at 02:06:51PM +0100, Christian Brauner wrote:
> On Wed, Dec 28, 2022 at 09:02:49PM +0500, Ameer Hamza wrote:
> > This patch adds a new flag O_EMPTY_PATH that allows openat and open
> > system calls to open a file referenced by fd if the path is empty,
> > and it is very similar to the FreeBSD O_EMPTY_PATH flag. This can be
> > beneficial in some cases since it would avoid having to grant /proc
> > access to things like samba containers for reopening files to change
> > flags in a race-free way.
> >
> > Signed-off-by: Ameer Hamza <ahamza@ixsystems.com>
> > ---
>
> In general this isn't a bad idea and Aleksa and I proposed this as part
> of the openat2() patchset (see [1]).
>
> However, the reason we didn't do this right away was that we concluded
> that it shouldn't be simply adding a flag. Reopening file descriptors
> through procfs is indeed very useful and is often required. But it's
> also been an endless source of subtle bugs and security holes as it
> allows reopening file descriptors with more permissions than the
> original file descriptor had.
>
> The same lax behavior should not be encoded into O_EMPTYPATH. Ideally we
> would teach O_EMPTYPATH to adhere to magic link modes by default. This
> would be tied to the idea of upgrade mask in openat2() (cf. [2]). They
> allow a caller to specify the permissions that a file descriptor may be
> reopened with at the time the fd is opened.
>
> [1]: https://lore.kernel.org/lkml/20190930183316.10190-4-cyphar@cyphar.com/
> [2]: https://lore.kernel.org/all/20220526130355.fo6gzbst455fxywy@senku/Kk

Thank you for the detailed explanation and sorry for getting back late
at it. It seems like a pre-requisite for O_EMPTYPATH is to make it safe
and that depends on a patchset that Aleksa was working on. It would be
helpful to know the current status of that effort and if we could expect
it in the near future.

The repo[1] that was mentioned here[2] seems to be private. I am wondering
if there's a way to look at the patch somehow.

[1]: https://github.com/cyphar/linux/tree/magiclink/main
[2]: https://lore.kernel.org/all/20220526130952.z5efngrnh7xtli32@senku/
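
The procfs reopen behaviour described in the quoted review above, as an added example that is not part of the original thread or of any patch in it: a process holding only an O_RDONLY descriptor obtains an O_RDWR one through /proc/self/fd, because the new open is checked against the inode's permissions rather than the original descriptor's mode. The scratch path and the names reopen_via_procfs, access_mode and demo_upgrade are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Reopen fd through its procfs magic link; returns the new fd or -1. */
static int reopen_via_procfs(int fd, int flags)
{
    char link[64];
    snprintf(link, sizeof(link), "/proc/self/fd/%d", fd);
    return open(link, flags);
}

/* Access mode (O_RDONLY, O_WRONLY or O_RDWR) of fd, or -1 on error. */
static int access_mode(int fd)
{
    int fl = fcntl(fd, F_GETFL);
    return fl < 0 ? -1 : (fl & O_ACCMODE);
}

/*
 * Hold only a read-only descriptor to a scratch file (constructed sample,
 * mode 0600 so the owner may write), then request a read-write one via
 * procfs. Reports both access modes; returns 0 on success, -1 on failure.
 */
int demo_upgrade(int *orig_mode, int *new_mode)
{
    char path[64];
    snprintf(path, sizeof(path), "/tmp/reopen-demo-%ld", (long)getpid());
    int ro = open(path, O_RDONLY | O_CREAT | O_EXCL, 0600);
    if (ro < 0)
        return -1;
    int rw = reopen_via_procfs(ro, O_RDWR);
    unlink(path);
    *orig_mode = access_mode(ro);
    *new_mode = rw < 0 ? -1 : access_mode(rw);
    if (rw >= 0)
        close(rw);
    close(ro);
    return rw < 0 ? -1 : 0;
}

int main(void)
{
    int before, after;
    if (demo_upgrade(&before, &after) != 0) {
        perror("demo_upgrade");
        return 1;
    }
    printf("original fd writable: %s\n", before == O_RDONLY ? "no" : "yes");
    printf("reopened fd writable: %s\n", after == O_RDWR ? "yes" : "no");
    return 0;
}
```

It needs a mounted /proc and a writable /tmp. Handing a read-only descriptor to another process is therefore not by itself a guarantee that the file stays unmodified when that process can also pass the inode's permission check.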