This is the mail archive of the
cygwin-patches
mailing list for the Cygwin project.
Re: [PATCH v2 0/3] Support opening a symlink with O_PATH | O_NOFOLLOW
- From: Ken Brown <kbrown at cornell dot edu>
- To: "cygwin-patches at cygwin dot com" <cygwin-patches at cygwin dot com>
- Date: Mon, 13 Jan 2020 18:50:05 +0000
- Subject: Re: [PATCH v2 0/3] Support opening a symlink with O_PATH | O_NOFOLLOW
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cornell.edu; dmarc=pass action=none header.from=cornell.edu; dkim=pass header.d=cornell.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g/wrX+pggYJ4RaU39eU80hT3SPArWupGhgcn1abaqF8=; b=iRL7wL8zSbw3MiDUClW7jAZ1QfJCz0bQPhwkxMZrsbqI9MWHvvxg7TaeEbnbnGGVXRLzY5NRdY2ykL74hNEYfW4+pGfSyJcvLDzQQN8xachH57JNMHXqYWxEaGoWxW170O+GvnF3TaGX6WvD8K/YXIaAZLMLVqBIQ3OXejN5CRm3bgEeTFZQG4Gbr2Gpna1VK2N2M3Vf3JDG04F4iVOncRcqotE3izj+skfBZx8VX46wn2l2ZnFtcRg5ptmdrz+biNQlrzC54Nbkvyp4pwYSrAQUeFa6xhdrRvZSEJZY/089xUw2uyxSqalVfPQuDVhS009ixLPCsSbqkh4mPRq1Eg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hcN3kZkZrNXjTrT428gFpOybPBN5NWkFLx8Jd6iL60BLQHhpnK6mbZRIpy6V2tCRBZbXqucUa648NDH+SdRICJcHlstkeMdaqsC7ATSt3QzlgHthNoDdZ+CmSZeM676eWp9gBzVegs2mLI559+MmYv5WSYezJUE7sCKlhBg7kYBPGSXx/lT0AsXCSkew4MZ7bXGIpq3oULdx1469V2n3mJaJQQmu42Tpcpqz+tU9jU7odP+DDIKsm/aaKIKeq191M61yOntwyQCJJJDZtvG8CRTsmf7cWjcvgkTroshS4PdPwyTZaDKYsbcGomIvJBtCDG5/5MAHMNCqDNZc2u2jbg==
- References: <20191229175637.1050-1-kbrown@cornell.edu> <20200113152809.GE5858@calimero.vinschen.de> <9f83d272-2dad-f652-d0c8-f3eb3b425ac2@cornell.edu> <20200113183430.GR5858@calimero.vinschen.de> <20200113183952.GS5858@calimero.vinschen.de>
On 1/13/2020 1:39 PM, Corinna Vinschen wrote:
> On Jan 13 19:34, Corinna Vinschen wrote:
>> On Jan 13 16:53, Ken Brown wrote:
>>> On 1/13/2020 10:28 AM, Corinna Vinschen wrote:
>>>> On Dec 29 17:56, Ken Brown wrote:
>>>>> [...]
>>>>> Note: The man page mentions fchownat and linkat also. linkat already
>>>>> supports the AT_EMPTY_PATH flag, so nothing needs to be done. But I
>>>>> don't understand how this could work for fchownat, because fchown
>>>>> fails with EBADF if its fd argument was opened with O_PATH. So I
>>>>> haven't touched fchownat.
>>>>
>>>> It was never supposed to work that way. We can make fchownat work
>>>> with AT_EMPTY_PATH, but using it on a file opened with O_PATH
>>>> contradicts the Linux open(2) man page, afaics:
>>>>
>>>> O_PATH (since Linux 2.6.39)
>>>> Obtain a file descriptor that can be used for two purposes: to
>>>> indicate a location in the filesystem tree and to perform opera‐
>>>> tions that act purely at the file descriptor level. The file
>>>> itself is not opened, and other file operations (e.g., read(2),
>>>> write(2), fchmod(2), fchown(2), fgetxattr(2), ioctl(2), mmap(2))
>>>> ^^^^^^^^^
>>>> fail with the error EBADF.
>>>> ^^^^^^^^^ ^^^^^
>>>>
>>>> That'd from the current F31 man pages.
>>>>
>>>>> Am I missing something?
>>>>
>>>> Good question. Let me ask in return, did *I* now miss something?
>>>
>>> I don't think so. I think we agree, although maybe I didn't express myself
>>> clearly enough for that to be obvious. What confused me was the following
>>> paragraph further down in the open(2) man page (still discussing O_PATH):
>>>
>>> If pathname is a symbolic link and the O_NOFOLLOW flag is also
>>> specified, then the call returns a file descriptor referring
>>> to the symbolic link. This file descriptor can be used as the
>>> dirfd argument in calls to fchownat(2), fstatat(2), linkat(2),
>>> ^^^^^^^^^^^
>>> and readlinkat(2) with an empty pathname to have the calls
>>> operate on the symbolic link.
>>
>> That's the part I missed, apparently. Implementing fchownat like this
>> may be a bit upside down. The problem is that open(O_PATH) opens the
>> file with query_read_attributes (aka READ_CONTROL | FILE_READ_ATTRIBUTES),
>> to make sure the calls mentioned in the snippet I pasted don't succeed.
>>
>> If fchownat is supposed to work on a symlink like this, the easiest
>> approach may be checking for this scenario in fchownat and calling
>> lchown on the pathname instead. Or something along these lines.
>
> The alternative would be to open the sylink with more permissions, i.e.,
> query_write_control, aka READ_CONTROL | WRITE_OWNER | WRITE_DAC |
> FILE_WRITE_ATTRIBUTES. I'm just hesitant to open up the descriptor
> like this. It probably allows too many actions on the descriptor
> from user space...
OK, I'll follow your first suggestion, then, after verifying that fchownat
really does work on a symlink opened this way on Linux. I guess I was
misinterpreting the man page.
Ken