On 5/17/2025 12:06 PM, Cheyenne Wills wrote:
On Tue, 29 Apr 2025 17:37:31 +0100 David Howells <dhowe...@redhat.com> wrote:....This can be tested by creating a sticky directory (the user must have a token to do this) and creating a file in it. Then strace bash doing "echo foo >>file" and look at whether bash does a single, successful O_CREAT open on the file or whether that one fails and then bash does one without O_CREAT that succeeds.I performed the following test on 2 systems, one a centos 6 system with bash 4.1.2 running openafs 1.8.13.1, the other, a current gentoo system with bash 5.2 (without the "afs" USE option as well) with openafs built off the master branch. ... So, assuming David's test is correct, it appears that the bash workaround in redir_open is no longer needed with the more recent openafs versions.
David's test is for the fs/protected_regular functionality which is broken with regards to AFS when the local uid namespace and the AFS uid namespace are disjoint. His test is not for the situation which caused bash to add the open(flags & ~O_CREAT) fallback logic in 1992. The Linux fs/protected_regular functionality is not present in CentOS 6 kernel so could not be triggered by the test; and bash on gentoo is built without the fallback and the fs/protected_regular functionality might not be enabled by default. It should also be noted that the OS for which the bash fallback logic was introduced was not Linux.
I do not believe that any conclusions can be made from the tests that have been performed.
IBM AFS 3.2 included a client side change to address the narrow use case involving AFS ACLs granting only "liw" rights which broke the CMU mail delivery system. However, IBM did not address all of the possible scenarios which could result in an O_CREAT open failing with EACCES when a ~O_CREAT open would succeed for an existing file. For example, the fileserver will fail MkDir, CreateFile and CreateSymlink with EACCES instead of EEXIST if the caller lacks PRSFS_INSERT. A comprehensive analysis of client side behavior in OpenAFS has not been performed by AuriStor.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
