From: ebiederm@xmission.com (Eric W. Biederman)
To: Petr Baudis <pasky@ucw.cz>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Dumpable tasks and ownership of /proc/*/fd
Date: Mon, 10 Apr 2006 01:42:03 -0600 [thread overview]
Message-ID: <m1r745ho6s.fsf@ebiederm.dsl.xmission.com> (raw)
In-Reply-To: <20060410065332.GD16588@pasky.or.cz> (Petr Baudis's message of "Mon, 10 Apr 2006 08:53:32 +0200")
Petr Baudis <pasky@ucw.cz> writes:
> Dear diary, on Mon, Apr 10, 2006 at 07:43:03AM CEST, I got a letter
> where "Eric W. Biederman" <ebiederm@xmission.com> said that...
>> Speaking of things why does the *at() emulation need to touch
>> /proc/self/fd/*? I may be completely dense but if the practical
>> justification for allowing access to /proc/self/fd/ is that we
>> already have access then we shouldn't need /proc/self/fd.
>>
>> I suspect this a matter of convenience where you are prepending
>> /proc/self/fd/xxx/ to the path before you open it instead of calling
>> fchdir openat() and the doing fchdir back. Have I properly guessed
>> how the *at() emulation works?
>
> Ok, now I'm not completely following you. Only i386 and x86_64 appears
> to provide the openat() syscall (only in new kernels, furthermore) and
> glibc otherwise emulates openat(n, "relpath") with
> open("/proc/self/fd/<n>/relpath"). I don't know of any other way how to
> emulate it.
I can think of a couple of ways, but thanks for confirming
I properly guessed how the openat emulation was working.
The first point to note is that fixing proc and exporting
syscalls to new architectures is going to take about equally
long with a chance that fixing proc will take longer because
that needs to be understood.
With that said I can think of a couple of different ways
to implement openat that won't have proc permission problems.
The most straight forward is:
int openat(int dirfd, const char *path, int flags, int mode)
{
int orig_dir_fd;
int result;
lock()
orig_dir_fd = open(".");
fchdir(dirfd);
result = open(relpath);
fchdir(orig_dir_fd);
close(orig_dir_fd);
unlock();
return result;
}
I suspect something like the above needs to be considered if
you want the emulation to work on old kernels, in the presence
of suid applications.
I will look at fixing proc but I none of my work on /proc
is going to get merged until 2.6.18 at this point.
I doubt a proc permission change could count as a simply
a bug fix, and even then it doesn't matter because it won't
be available for your emulation.
Although I guess you could attempt to use /proc/self/fd/<n>
and if that gets a permission problem try a slower but more
reliable path in the emulation.
Eric
next prev parent reply other threads:[~2006-04-10 7:43 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-08 12:08 Dumpable tasks and ownership of /proc/*/fd Petr Baudis
2006-04-10 5:43 ` Eric W. Biederman
2006-04-10 6:53 ` Petr Baudis
2006-04-10 7:42 ` Eric W. Biederman [this message]
2006-04-11 13:40 ` Petr Baudis
[not found] <5Zkqr-5LI-5@gated-at.bofh.it>
[not found] ` <5ZXrM-3qg-3@gated-at.bofh.it>
2006-04-11 19:30 ` Bodo Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1r745ho6s.fsf@ebiederm.dsl.xmission.com \
--to=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pasky@ucw.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox