From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 81F8BC001DC for ; Sat, 29 Jul 2023 05:41:38 +0000 (UTC) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4RCYKD5Lslz3d9K for ; Sat, 29 Jul 2023 15:41:36 +1000 (AEST) Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=libc.org (client-ip=216.12.86.13; helo=brightrain.aerifal.cx; envelope-from=dalias@libc.org; receiver=lists.ozlabs.org) Received: from brightrain.aerifal.cx (brightrain.aerifal.cx [216.12.86.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4RCGhV58l8z3cNv for ; Sat, 29 Jul 2023 04:42:17 +1000 (AEST) Date: Fri, 28 Jul 2023 14:42:12 -0400 From: "dalias@libc.org" To: David Laight Subject: Re: [PATCH v4 2/5] fs: Add fchmodat2() Message-ID: <20230728184212.GD20050@brightrain.aerifal.cx> References: <20230727.041348-imposing.uptake.velvet.nylon-712tDwzCAbCCoSGx@cyphar.com> <20230727.173441-loving.habit.lame.acrobat-V6VTPe8G4FRI@cyphar.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Mailman-Approved-At: Sat, 29 Jul 2023 15:41:09 +1000 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "kim.phillips@arm.com" , "linux-ia64@vger.kernel.org" , "fenghua.yu@intel.com" , "alexander.shishkin@linux.intel.com" , "catalin.marinas@arm.com" , Palmer Dabbelt , "x86@kernel.org" , "stefan@agner.ch" , "ldv@altlinux.org" , "dhowells@redhat.com" , "paulus@samba.org" , "deepa.kernel@gmail.com" , "hpa@zytor.com" , "sparclinux@vger.kernel.org" , "will@kernel.org" , "linux-arch@vger.kernel.org" , "linux-s390@vger.kernel.org" , "hare@suse.com" , "gor@linux.ibm.com" , "ysato@users.sourceforge.jp" , "deller@gmx.de" , "linux-sh@vger.ker nel.org" , "linux@armlinux.org.uk" , "borntraeger@de.ibm.com" , "mingo@redhat.com" , "geert@linux-m68k.org" , "jhogan@kernel.org" , "mattst88@gmail.com" , "linux-mips@vger.kernel.org" , "fweimer@redhat.com" , "tycho@tycho.ws" , Arnd Bergmann , "glebfm@altlinux.org" , "linuxppc-dev@lists.ozlabs.org" , "acme@kernel.org" , 'Aleksa Sarai' , "bp@alien8.de" , "viro@zeniv.linux.org.uk" , "luto@kernel.org" , "namhyung@kernel.org" , "tglx@linutronix.de" , "christian@brauner.io" , "axboe@kernel.dk" , "James.Bottomley@hansenpartnership.com" , "monstr@monstr.eu" , "tony.luck@intel.com" , "linux-parisc@vger.kernel.org" , "linux-m68k@lists.linux-m68k.org" , "linux-api@vger.kernel.org" , LKML , "ralf@linux-mips.org" , "peterz@infradead.org" , "linux-alpha@vger.kernel.org" , "linux-fsdevel@vger.kernel.org" , "ink@jurassic.park.msu.ru" , Alexey Gladkov , "davem@davemloft.net" Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" On Fri, Jul 28, 2023 at 08:43:58AM +0000, David Laight wrote: > .... > > FWIW, I agree with Christian that these behaviours are not ideal (and > > I'm working on a series that might allow for these things to be properly > > blocked in the future) but there's also the consistency argument -- I > > don't think fchownat() is much safer to allow in this way than > > fchmodat() and (again) this behaviour is already possible through > > procfs. > > If the 'through procfs' involves readlink("/proc/self/fd/n") and > accessing through the returned path then the permission checks > are different. > Using the returned path requires search permissions on all the > directories. That's *not* how "through procfs" works. The "magic symlinks" in /proc/*/fd are not actual symlinks that get dereferenced to the contents they readlink() to, but special-type objects that dereference directly to the underlying file associated with the open file description. Rich