On 08/09/2017 10:22 AM, Greg Kurz wrote:

>>> The solution is to use O_PATH: openat() now succeeds in both cases, and we
>>> can ensure the path isn't a symlink with fstat(). The associated entry in
>>> "/proc/self/fd" can hence be safely passed to the regular chmod() syscall.  
>> Hey - should we point this out as a viable solution to the glibc folks,
>> since their current user-space emulation of AT_SYMLINK_NOFOLLOW is broken?
> Probably. What's the best way to do that ?

I've added a comment to
https://sourceware.org/bugzilla/show_bug.cgi?id=14578; you'll also want
to point to the lkml discussion in that bug.  And reading that bug, it
also looks like your hack with /proc/self/fd has been proposed by Rich
Felker since 2013! (although fstat() didn't work until Linux 3.6, even
though O_PATH predates that time) - so there is that one additional
concern of whether we need to cater to the window of kernels where
O_PATH exists but fstat() on that fd can't learn whether we opened a

Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to