Module Name: src Committed By: dholland Date: Sun Jan 13 08:15:03 UTC 2013
Modified Files: src/lib/libc/sys: access.2 chmod.2 chown.2 link.2 mkdir.2 mkfifo.2 mknod.2 open.2 readlink.2 rename.2 stat.2 symlink.2 unlink.2 utimes.2 src/sys/kern: vfs_syscalls.c src/sys/sys: fcntl.h src/tests/lib/libc/c063: t_o_search.c Log Message: Revert defective O_SEARCH implementation committed by manu@ along with the *at system calls on November 18th of last year. Reasons to revert it include: - it is incorrect in a whole variety of ways (but fortunately, one of them is that the missing and improper permission checks have no net effect); - it was committed without review or discussion; - core ruled that all the new O_* flags pertaining to the *at calls needed to wait until their semantics could be clarified. manu was asked to revert it on these grounds but has ignored the request. I have left O_SEARCH defined and visible and made open() explicitly ignore it. This way, most code that tries to use it will continue to build and run. I've also arranged lib/libc/c063/t_o_search.c so that the tests that make use of the O_SEARCH semantics will disappear until O_SEARCH comes back, and fixed some mistakes and/or incorrect hacks that were causing some of these to succeed despite the broken O_SEARCH implementation. 
To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/lib/libc/sys/access.2 cvs rdiff -u -r1.44 -r1.45 src/lib/libc/sys/chmod.2 cvs rdiff -u -r1.34 -r1.35 src/lib/libc/sys/chown.2 cvs rdiff -u -r1.29 -r1.30 src/lib/libc/sys/link.2 \ src/lib/libc/sys/readlink.2 cvs rdiff -u -r1.26 -r1.27 src/lib/libc/sys/mkdir.2 src/lib/libc/sys/rename.2 \ src/lib/libc/sys/unlink.2 cvs rdiff -u -r1.24 -r1.25 src/lib/libc/sys/mkfifo.2 \ src/lib/libc/sys/symlink.2 cvs rdiff -u -r1.25 -r1.26 src/lib/libc/sys/mknod.2 cvs rdiff -u -r1.54 -r1.55 src/lib/libc/sys/open.2 cvs rdiff -u -r1.53 -r1.54 src/lib/libc/sys/stat.2 cvs rdiff -u -r1.35 -r1.36 src/lib/libc/sys/utimes.2 cvs rdiff -u -r1.462 -r1.463 src/sys/kern/vfs_syscalls.c cvs rdiff -u -r1.44 -r1.45 src/sys/sys/fcntl.h cvs rdiff -u -r1.2 -r1.3 src/tests/lib/libc/c063/t_o_search.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/lib/libc/sys/access.2 diff -u src/lib/libc/sys/access.2:1.31 src/lib/libc/sys/access.2:1.32 --- src/lib/libc/sys/access.2:1.31 Sat Jan 12 19:21:48 2013 +++ src/lib/libc/sys/access.2 Sun Jan 13 08:15:02 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: access.2,v 1.31 2013/01/12 19:21:48 dholland Exp $ +.\" $NetBSD: access.2,v 1.32 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -107,11 +107,26 @@ mode bits. The file descriptor .Fa fd must name a directory. -Search permission is required on this directory except if -.Fa fd -was opened with the -.Dv O_SEARCH -flag. +Search permission is required on this directory. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on this directory, except if +.\" .Fa fd +.\" was opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" The directory referred to by +.\" .Fa fd +.\" must have been opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" The directory referred to by +.\" .Fa fd +.\" must have been opened with the +.\" .Dv O_SEARCH +.\" flag or must be searchable by the current process at the time the +.\" call is made. .Pp The .Fa flags Index: src/lib/libc/sys/chmod.2 diff -u src/lib/libc/sys/chmod.2:1.44 src/lib/libc/sys/chmod.2:1.45 --- src/lib/libc/sys/chmod.2:1.44 Sat Dec 1 21:07:00 2012 +++ src/lib/libc/sys/chmod.2 Sun Jan 13 08:15:02 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: chmod.2,v 1.44 2012/12/01 21:07:00 wiz Exp $ +.\" $NetBSD: chmod.2,v 1.45 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 .\" The Regents of the University of California. All rights reserved. 
@@ -90,7 +90,18 @@ is relative. In that case, it is looked up from a directory whose file descriptor was passed as .Fa fd . -Search permission is required on +Search permission is required on this directory. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on this directory +.\" except if +.\" .Fa fd +.\" was opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" This file descriptor must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fd except if that file descriptor was opened with the .Dv O_SEARCH Index: src/lib/libc/sys/chown.2 diff -u src/lib/libc/sys/chown.2:1.34 src/lib/libc/sys/chown.2:1.35 --- src/lib/libc/sys/chown.2:1.34 Sat Dec 1 20:53:10 2012 +++ src/lib/libc/sys/chown.2 Sun Jan 13 08:15:02 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: chown.2,v 1.34 2012/12/01 20:53:10 wiz Exp $ +.\" $NetBSD: chown.2,v 1.35 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1980, 1991, 1993, 1994 .\" The Regents of the University of California. All rights reserved. @@ -119,11 +119,18 @@ is relative. In that case, it is looked up from a directory whose file descriptor was passed as .Fa fd . -Search permission is required on -.Fa fd -except if that file descriptor was opened with the -.Dv O_SEARCH -flag. +Search permission is required on this directory. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on this directory +.\" except if +.\" .Fa fd +.\" was opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" This file descriptor must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fd can be set to .Dv AT_FDCWD Index: src/lib/libc/sys/link.2 diff -u src/lib/libc/sys/link.2:1.29 src/lib/libc/sys/link.2:1.30 --- src/lib/libc/sys/link.2:1.29 Sat Dec 1 20:48:26 2012 +++ src/lib/libc/sys/link.2 Sun Jan 13 08:15:02 2013 
@@ -1,4 +1,4 @@ -.\" $NetBSD: link.2,v 1.29 2012/12/01 20:48:26 wiz Exp $ +.\" $NetBSD: link.2,v 1.30 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1980, 1991, 1993, 2011 .\" The Regents of the University of California. All rights reserved. @@ -94,11 +94,26 @@ descriptor was passed as .Fa fd1 (resp. .Fa fd2 ) . -Search permission is required on -passed directory file descriptors -except if they were opened with the -.Dv O_SEARCH -flag. +Search permission is required on the directories named by +.Fa fd1 +and +.Fa fd2. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on the directories named by +.\" .Fa fd1 +.\" and +.\" .Fa fd2 +.\" unless they were opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" The directories named by +.\" .Fa fd1 +.\" and +.\" .Fa fd2 +.\" must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fd1 or .Fa fd2 Index: src/lib/libc/sys/readlink.2 diff -u src/lib/libc/sys/readlink.2:1.29 src/lib/libc/sys/readlink.2:1.30 --- src/lib/libc/sys/readlink.2:1.29 Sat Dec 1 20:50:19 2012 +++ src/lib/libc/sys/readlink.2 Sun Jan 13 08:15:02 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: readlink.2,v 1.29 2012/12/01 20:50:19 wiz Exp $ +.\" $NetBSD: readlink.2,v 1.30 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. 
@@ -68,11 +68,18 @@ is relative. In that case, it is looked up from a directory whose file descriptor was passed as .Fa fd . -Search permission is required on -.Fa fd -except if that file descriptor was opened with the -.Dv O_SEARCH -flag. +Search permission is required on this directory. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on this directory +.\" except if +.\" .Fa fd +.\" was opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" This file descriptor must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fd can be set to .Dv AT_FDCWD Index: src/lib/libc/sys/mkdir.2 diff -u src/lib/libc/sys/mkdir.2:1.26 src/lib/libc/sys/mkdir.2:1.27 --- src/lib/libc/sys/mkdir.2:1.26 Sat Dec 1 20:55:13 2012 +++ src/lib/libc/sys/mkdir.2 Sun Jan 13 08:15:02 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: mkdir.2,v 1.26 2012/12/01 20:55:13 wiz Exp $ +.\" $NetBSD: mkdir.2,v 1.27 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -62,11 +62,18 @@ is relative. In that case, it is looked up from a directory whose file descriptor was passed as .Fa fd . -Search permission is required on -.Fa fd -except if that file descriptor was opened with the -.Dv O_SEARCH -flag. +Search permission is required this directory. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on this directory +.\" except if +.\" .Fa fd +.\" was opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" This file descriptor must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fd can be set to .Dv AT_FDCWD Index: src/lib/libc/sys/rename.2 diff -u src/lib/libc/sys/rename.2:1.26 src/lib/libc/sys/rename.2:1.27 --- src/lib/libc/sys/rename.2:1.26 Sat Dec 1 21:07:00 2012 +++ src/lib/libc/sys/rename.2 Sun Jan 13 08:15:02 2013 
@@ -1,4 +1,4 @@ -.\" $NetBSD: rename.2,v 1.26 2012/12/01 21:07:00 wiz Exp $ +.\" $NetBSD: rename.2,v 1.27 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -93,11 +93,26 @@ descriptor was passed as .Fa fromfd (resp. .Fa tofd ). -Search permission is required on -passed directory file descriptors -except if they were opened with the -.Dv O_SEARCH -option. +Search permission is required on the directories named by +.Fa fromfd +and +.Fa tofd. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on the directories named by +.\" .Fa fromfd +.\" and +.\" .Fa tofd +.\" unless they were opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" The directories named by +.\" .Fa fromfd +.\" and +.\" .Fa tofd +.\" must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fromfd or .Fa tofd Index: src/lib/libc/sys/unlink.2 diff -u src/lib/libc/sys/unlink.2:1.26 src/lib/libc/sys/unlink.2:1.27 --- src/lib/libc/sys/unlink.2:1.26 Sat Dec 1 21:07:00 2012 +++ src/lib/libc/sys/unlink.2 Sun Jan 13 08:15:02 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: unlink.2,v 1.26 2012/12/01 21:07:00 wiz Exp $ +.\" $NetBSD: unlink.2,v 1.27 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 .\" The Regents of the University of California. All rights reserved. 
@@ -70,11 +70,18 @@ is relative. In that case, it is looked up from a directory whose file descriptor was passed as .Fa fd . -Search permission is required on -.Fa fd -except if that file descriptor was opened with the -.Dv O_SEARCH -option. +Search permission is required on this directory. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on this directory +.\" except if +.\" .Fa fd +.\" was opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" This file descriptor must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fd can be set to .Dv AT_FDCWD Index: src/lib/libc/sys/mkfifo.2 diff -u src/lib/libc/sys/mkfifo.2:1.24 src/lib/libc/sys/mkfifo.2:1.25 --- src/lib/libc/sys/mkfifo.2:1.24 Sat Dec 1 21:07:00 2012 +++ src/lib/libc/sys/mkfifo.2 Sun Jan 13 08:15:02 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: mkfifo.2,v 1.24 2012/12/01 21:07:00 wiz Exp $ +.\" $NetBSD: mkfifo.2,v 1.25 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -64,11 +64,18 @@ is relative. In that case, it is looked up from a directory whose file descriptor was passed as .Fa fd . -Search permission is required on -.Fa fd -except if that file descriptor was opened with the -.Dv O_SEARCH -flag. +Search permission is required on this directory. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on this directory +.\" except if +.\" .Fa fd +.\" was opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" This file descriptor must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fd can be set to .Dv AT_FDCWD Index: src/lib/libc/sys/symlink.2 diff -u src/lib/libc/sys/symlink.2:1.24 src/lib/libc/sys/symlink.2:1.25 --- src/lib/libc/sys/symlink.2:1.24 Sat Dec 1 21:07:00 2012 +++ src/lib/libc/sys/symlink.2 Sun Jan 13 08:15:02 2013 
@@ -1,4 +1,4 @@ -.\" $NetBSD: symlink.2,v 1.24 2012/12/01 21:07:00 wiz Exp $ +.\" $NetBSD: symlink.2,v 1.25 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -67,11 +67,18 @@ is relative. In that case, it is looked up from a directory whose file descriptor was passed as .Fa fd . -Search permission is required on -.Fa fd -except if that file descriptor was opened with the -.Dv O_SEARCH -flag. +Search permission is required on this directory. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on this directory +.\" except if +.\" .Fa fd +.\" was opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" This file descriptor must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fd can be set to .Dv AT_FDCWD Index: src/lib/libc/sys/mknod.2 diff -u src/lib/libc/sys/mknod.2:1.25 src/lib/libc/sys/mknod.2:1.26 --- src/lib/libc/sys/mknod.2:1.25 Sat Dec 1 21:07:00 2012 +++ src/lib/libc/sys/mknod.2 Sun Jan 13 08:15:02 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: mknod.2,v 1.25 2012/12/01 21:07:00 wiz Exp $ +.\" $NetBSD: mknod.2,v 1.26 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 .\" The Regents of the University of California. All rights reserved. 
@@ -67,11 +67,18 @@ is relative. In that case, it is looked up from a directory whose file descriptor was passed as .Fa fd . -Search permission is required on -.Fa fd -except if that file descriptor was opened with the -.Dv O_SEARCH -option. +Search permission is required on this directory. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on this directory +.\" except if +.\" .Fa fd +.\" was opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" This file descriptor must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fd can be set to .Dv AT_FDCWD Index: src/lib/libc/sys/open.2 diff -u src/lib/libc/sys/open.2:1.54 src/lib/libc/sys/open.2:1.55 --- src/lib/libc/sys/open.2:1.54 Sat Dec 1 21:07:00 2012 +++ src/lib/libc/sys/open.2 Sun Jan 13 08:15:02 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: open.2,v 1.54 2012/12/01 21:07:00 wiz Exp $ +.\" $NetBSD: open.2,v 1.55 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -62,11 +62,18 @@ is relative. In that case, it is looked up from a directory whose file descriptor was passed as .Fa fd . -Search permission is required on -.Fa fd -except if that file descriptor was opened with the -.Dv O_SEARCH -option. +Search permission is required on this directory. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on this directory +.\" except if +.\" .Fa fd +.\" was opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" This file descriptor must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fd can be set to .Dv AT_FDCWD 
@@ -187,23 +194,24 @@ Enable the signal to be sent to the process group when I/O is possible, e.g., upon availability of data to be read. -.It Dv O_SEARCH -If opening a directory, search permission checks will not be performed on -subsequent usage of the file descriptor for looking up relative paths by -.Xr faccessat 2 , -.Xr fchmodat 2 , -.Xr fchownat 2 , -.Xr fstatat 2 , -.Xr linkat 2 , -.Xr mkdirat 2 , -.Xr mkfifoat 2 , -.Xr mknodat 2 , -.Xr openat 2 , -.Xr readlinkat 2 , -.Xr symlinkat 2 , -.Xr unlinkat 2 , -and -.Xr utimensat 2 . +.\" (This block awaits a decision about the semantics of O_SEARCH) +.\" .It Dv O_SEARCH +.\" If opening a directory, search permission checks will not be performed on +.\" subsequent usage of the file descriptor for looking up relative paths by +.\" .Xr faccessat 2 , +.\" .Xr fchmodat 2 , +.\" .Xr fchownat 2 , +.\" .Xr fstatat 2 , +.\" .Xr linkat 2 , +.\" .Xr mkdirat 2 , +.\" .Xr mkfifoat 2 , +.\" .Xr mknodat 2 , +.\" .Xr openat 2 , +.\" .Xr readlinkat 2 , +.\" .Xr symlinkat 2 , +.\" .Xr unlinkat 2 , +.\" and +.\" .Xr utimensat 2 . .El .Pp Opening a file with @@ -437,9 +445,10 @@ and .Dv O_RSYNC are extensions defined in .St -p1003.1b-93 . -.Dv O_SEARCH -is defined in -.St -p1003.1-2008 . +.\" (This block awaits a decision about the semantics of O_SEARCH) +.\" .Dv O_SEARCH +.\" is defined in +.\" .St -p1003.1-2008 . .Pp The .Dv O_SHLOCK Index: src/lib/libc/sys/stat.2 diff -u src/lib/libc/sys/stat.2:1.53 src/lib/libc/sys/stat.2:1.54 --- src/lib/libc/sys/stat.2:1.53 Sat Dec 1 21:07:00 2012 +++ src/lib/libc/sys/stat.2 Sun Jan 13 08:15:02 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: stat.2,v 1.53 2012/12/01 21:07:00 wiz Exp $ +.\" $NetBSD: stat.2,v 1.54 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1980, 1991, 1993, 1994 .\" The Regents of the University of California. All rights reserved. 
@@ -91,11 +91,18 @@ is relative. In that case, it is looked up from a directory whose file descriptor was passed as .Fa fd . -Search permission is required on -.Fa fd -except if that file descriptor was opened with the -.Dv O_SEARCH -option. +Search permission is required on this directory. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on this directory +.\" except if +.\" .Fa fd +.\" was opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" This file descriptor must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fd can be set to .Dv AT_FDCWD Index: src/lib/libc/sys/utimes.2 diff -u src/lib/libc/sys/utimes.2:1.35 src/lib/libc/sys/utimes.2:1.36 --- src/lib/libc/sys/utimes.2:1.35 Sat Dec 1 21:07:01 2012 +++ src/lib/libc/sys/utimes.2 Sun Jan 13 08:15:02 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: utimes.2,v 1.35 2012/12/01 21:07:01 wiz Exp $ +.\" $NetBSD: utimes.2,v 1.36 2013/01/13 08:15:02 dholland Exp $ .\" .\" Copyright (c) 1990, 1993 .\" The Regents of the University of California. All rights reserved. @@ -129,11 +129,18 @@ is relative. In that case, it is looked up from a directory whose file descriptor was passed as .Fa fd . -Search permission is required on -.Fa fd -except if that file descriptor was opened with the -.Dv O_SEARCH -option. +Search permission is required on this directory. +.\" (These alternatives await a decision about the semantics of O_SEARCH) +.\" Search permission is required on this directory +.\" except if +.\" .Fa fd +.\" was opened with the +.\" .Dv O_SEARCH +.\" flag. +.\" - or - +.\" This file descriptor must have been opened with the +.\" .Dv O_SEARCH +.\" flag. .Fa fd can be set to .Dv AT_FDCWD Index: src/sys/kern/vfs_syscalls.c diff -u src/sys/kern/vfs_syscalls.c:1.462 src/sys/kern/vfs_syscalls.c:1.463 --- src/sys/kern/vfs_syscalls.c:1.462 Fri Nov 30 13:26:37 2012 +++ src/sys/kern/vfs_syscalls.c Sun Jan 13 08:15:03 2013 
@@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls.c,v 1.462 2012/11/30 13:26:37 njoly Exp $ */ +/* $NetBSD: vfs_syscalls.c,v 1.463 2013/01/13 08:15:03 dholland Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -70,7 +70,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.462 2012/11/30 13:26:37 njoly Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.463 2013/01/13 08:15:03 dholland Exp $"); #ifdef _KERNEL_OPT #include "opt_fileassoc.h" @@ -181,20 +181,11 @@ fd_nameiat(struct lwp *l, int fdat, stru if ((error = fd_getvnode(fdat, &dfp)) != 0) goto out; - if (!(dfp->f_flag & FSEARCH)) { - vn_lock(dfp->f_data, LK_EXCLUSIVE); - error = VOP_ACCESS(dfp->f_data, VEXEC, l->l_cred); - VOP_UNLOCK(dfp->f_data); - if (error) - goto cleanup; - } - NDAT(ndp, dfp->f_data); } error = namei(ndp); -cleanup: if (fdat != AT_FDCWD) fd_putfile(fdat); out: @@ -213,14 +204,6 @@ fd_nameiat_simple_user(struct lwp *l, in if ((error = fd_getvnode(fdat, &dfp)) != 0) goto out; - if (!(dfp->f_flag & FSEARCH)) { - vn_lock(dfp->f_data, LK_EXCLUSIVE); - error = VOP_ACCESS(dfp->f_data, VEXEC, l->l_cred); - VOP_UNLOCK(dfp->f_data); - if (error) - goto cleanup; - } - dvp = dfp->f_data; } else { dvp = NULL; @@ -228,7 +211,6 @@ fd_nameiat_simple_user(struct lwp *l, in error = nameiat_simple_user(dvp, path, sflags, vp_ret); -cleanup: if (fdat != AT_FDCWD) fd_putfile(fdat); out: @@ -1577,6 +1559,10 @@ do_open(lwp_t *l, struct vnode *dvp, str int indx, error; struct nameidata nd; + if (open_flags & O_SEARCH) { + open_flags &= ~(int)O_SEARCH; + } + flags = FFLAGS(open_flags); if ((flags & (FREAD | FWRITE)) == 0) return EINVAL; @@ -1641,7 +1627,6 @@ fd_open(const char *path, int open_flags /* * Check permissions, allocate an open file structure, * and call the device open routine if any. - * XXX implement O_SEARCH */ static int do_sys_openat(lwp_t *l, int fdat, const char *path, int flags, 
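Review bot: The block added at the top of do_open() drops O_SEARCH with no comment, and its `if` is redundant because clearing an unset bit is a no-op; `open_flags &= ~(int)O_SEARCH; /* accepted but ignored until O_SEARCH semantics are settled */` does the same in one line. The comment should also spell out the consequence for callers: assuming O_RDONLY is 0 as usual, `open(dir, O_SEARCH)` now behaves like a plain read-only open, so the descriptor carries no search right of its own. With the explicit VOP_ACCESS checks removed from fd_nameiat() and fd_nameiat_simple_user() in the earlier hunks, search permission on the directory is presumably enforced only by the lookup itself at the time of each *at call. The identical block is added to dofhopen() in a later hunk and deserves the same comment or a small shared helper. do_open()'s body continues outside the hunk.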
@@ -1662,19 +1647,10 @@ do_sys_openat(lwp_t *l, int fdat, const goto out; dvp = dfp->f_data; - - if (!(dfp->f_flag & FSEARCH)) { - vn_lock(dfp->f_data, LK_EXCLUSIVE); - error = VOP_ACCESS(dfp->f_data, VEXEC, l->l_cred); - VOP_UNLOCK(dfp->f_data); - if (error) - goto cleanup; - } } error = do_open(l, dvp, pb, flags, mode, fd); -cleanup: if (dfp != NULL) fd_putfile(fdat); out: @@ -1988,6 +1964,10 @@ dofhopen(struct lwp *l, const void *ufhp 0, NULL, NULL, NULL))) return (error); + if (oflags & O_SEARCH) { + oflags &= ~(int)O_SEARCH; + } + flags = FFLAGS(oflags); if ((flags & (FREAD | FWRITE)) == 0) return (EINVAL); Index: src/sys/sys/fcntl.h diff -u src/sys/sys/fcntl.h:1.44 src/sys/sys/fcntl.h:1.45 --- src/sys/sys/fcntl.h:1.44 Sat Dec 1 08:20:55 2012 +++ src/sys/sys/fcntl.h Sun Jan 13 08:15:03 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: fcntl.h,v 1.44 2012/12/01 08:20:55 skrll Exp $ */ +/* $NetBSD: fcntl.h,v 1.45 2013/01/13 08:15:03 dholland Exp $ */ /*- * Copyright (c) 1983, 1990, 1993 @@ -131,7 +131,7 @@ #define O_MASK (O_ACCMODE|O_NONBLOCK|O_APPEND|O_SHLOCK|O_EXLOCK|\ O_ASYNC|O_SYNC|O_CREAT|O_TRUNC|O_EXCL|O_DSYNC|\ O_RSYNC|O_NOCTTY|O_ALT_IO|O_NOFOLLOW|O_DIRECT|\ - O_DIRECTORY|O_CLOEXEC|O_NOSIGPIPE|O_SEARCH) + O_DIRECTORY|O_CLOEXEC|O_NOSIGPIPE) #define FMARK 0x00001000 /* mark during gc() */ #define FDEFER 0x00002000 /* defer for next gc pass */ @@ -141,7 +141,7 @@ #define FKIOCTL 0x80000000 /* kernel originated ioctl */ /* bits settable by fcntl(F_SETFL, ...) */ #define FCNTLFLAGS (FAPPEND|FASYNC|FFSYNC|FNONBLOCK|FDSYNC|FRSYNC|FALTIO|\ - FDIRECT|FNOSIGPIPE|FSEARCH) + FDIRECT|FNOSIGPIPE) /* bits to save after open(2) */ #define FMASK (FREAD|FWRITE|FCNTLFLAGS) #endif /* _KERNEL */ 
@@ -166,7 +166,6 @@ #define FRSYNC O_RSYNC /* kernel */ #define FALTIO O_ALT_IO /* kernel */ #define FDIRECT O_DIRECT /* kernel */ -#define FSEARCH O_SEARCH /* kernel */ #endif /* Index: src/tests/lib/libc/c063/t_o_search.c diff -u src/tests/lib/libc/c063/t_o_search.c:1.2 src/tests/lib/libc/c063/t_o_search.c:1.3 --- src/tests/lib/libc/c063/t_o_search.c:1.2 Fri Nov 23 08:24:20 2012 +++ src/tests/lib/libc/c063/t_o_search.c Sun Jan 13 08:15:03 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: t_o_search.c,v 1.2 2012/11/23 08:24:20 martin Exp $ */ +/* $NetBSD: t_o_search.c,v 1.3 2013/01/13 08:15:03 dholland Exp $ */ /*- * Copyright (c) 2012 The NetBSD Foundation, Inc. @@ -29,7 +29,7 @@ * POSSIBILITY OF SUCH DAMAGE. */ #include <sys/cdefs.h> -__RCSID("$NetBSD: t_o_search.c,v 1.2 2012/11/23 08:24:20 martin Exp $"); +__RCSID("$NetBSD: t_o_search.c,v 1.3 2013/01/13 08:15:03 dholland Exp $"); #include <atf-c.h> #include <errno.h> @@ -42,14 +42,24 @@ __RCSID("$NetBSD: t_o_search.c,v 1.2 201 #include <pwd.h> #include <sys/param.h> +/* + * dholland 20130112: disable tests that require O_SEARCH semantics + * until a decision is reached about the semantics of O_SEARCH and a + * non-broken implementation is available. + */ +#if (O_MASK & O_SEARCH) != 0 +#define USE_O_SEARCH +#endif + #define DIR "dir" #define FILE "dir/o_search" #define BASEFILE "o_search" + ATF_TC_WITH_CLEANUP(o_search_perm1); ATF_TC_HEAD(o_search_perm1, tc) { - atf_tc_set_md_var(tc, "descr", "See that openat enforce search permission"); + atf_tc_set_md_var(tc, "descr", "See that openat enforces search permission"); atf_tc_set_md_var(tc, "require.user", "unprivileged"); } 
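Review bot: The `#if (O_MASK & O_SEARCH) != 0` guard added after the includes looks like it can never be true in this userland test. The fcntl.h hunks of this commit show O_MASK a few lines above `#endif /* _KERNEL */`, so it is probably not visible here, and the preprocessor silently evaluates an undefined identifier as 0. If so, USE_O_SEARCH stays undefined even after O_SEARCH is reimplemented and put back into O_MASK, and the flag tests remain disabled without anyone noticing. I would make the switch explicit, e.g. `/* #define USE_O_SEARCH */ /* enable once the kernel honours O_SEARCH */`, or at least extend the comment to say that the condition relies on O_MASK being undefined outside the kernel.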
@@ -81,10 +91,13 @@ ATF_TC_CLEANUP(o_search_perm1, tc) (void)rmdir(DIR); } + +#ifdef USE_O_SEARCH + ATF_TC_WITH_CLEANUP(o_search_root_flag1); ATF_TC_HEAD(o_search_root_flag1, tc) { - atf_tc_set_md_var(tc, "descr", "See that openat honours O_SEARCH"); + atf_tc_set_md_var(tc, "descr", "See that root openat honours O_SEARCH"); atf_tc_set_md_var(tc, "require.user", "root"); } @@ -120,6 +133,7 @@ ATF_TC_CLEANUP(o_search_root_flag1, tc) (void)rmdir(DIR); } + ATF_TC_WITH_CLEANUP(o_search_unpriv_flag1); ATF_TC_HEAD(o_search_unpriv_flag1, tc) { @@ -141,14 +155,14 @@ ATF_TC_BODY(o_search_unpriv_flag1, tc) ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) != -1); ATF_REQUIRE(close(fd) == 0); - ATF_REQUIRE(fchmod(dfd, 744) == 0); + ATF_REQUIRE(fchmod(dfd, 644) == 0); ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) != -1); ATF_REQUIRE(close(fd) == 0); ATF_REQUIRE(fchmod(dfd, 444) == 0); - ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) == -1); + ATF_REQUIRE((fd = openat(dfd, BASEFILE, O_RDWR, 0)) != -1); ATF_REQUIRE(close(dfd) == 0); } @@ -159,10 +173,13 @@ ATF_TC_CLEANUP(o_search_unpriv_flag1, tc (void)rmdir(DIR); } +#endif /* USE_O_SEARCH */ + + ATF_TC_WITH_CLEANUP(o_search_perm2); ATF_TC_HEAD(o_search_perm2, tc) { - atf_tc_set_md_var(tc, "descr", "See that fstatat enforce search permission"); + atf_tc_set_md_var(tc, "descr", "See that faccessat enforces search permission"); atf_tc_set_md_var(tc, "require.user", "unprivileged"); } @@ -192,10 +209,13 @@ ATF_TC_CLEANUP(o_search_perm2, tc) (void)rmdir(DIR); } + +#ifdef USE_O_SEARCH + ATF_TC_WITH_CLEANUP(o_search_root_flag2); ATF_TC_HEAD(o_search_root_flag2, tc) { - atf_tc_set_md_var(tc, "descr", "See that fstatat honours O_SEARCH"); + atf_tc_set_md_var(tc, "descr", "See that root fstatat honours O_SEARCH"); atf_tc_set_md_var(tc, "require.user", "root"); } @@ -229,6 +249,7 @@ ATF_TC_CLEANUP(o_search_root_flag2, tc) (void)rmdir(DIR); } + ATF_TC_WITH_CLEANUP(o_search_unpriv_flag2); ATF_TC_HEAD(o_search_unpriv_flag2, tc) { 
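Review bot: In the o_search_unpriv_flag1 body, `fchmod(dfd, 644)` and the unchanged `fchmod(dfd, 444)` below it pass decimal literals, so the mode applied is octal 01204 rather than rw-r--r--; the lines should read `ATF_REQUIRE(fchmod(dfd, 0644) == 0);` and `ATF_REQUIRE(fchmod(dfd, 0444) == 0);`. With decimal values the test exercises permission bits nobody intended (444 decimal is octal 0674), which can make a search-permission test pass or fail for the wrong reason. The same `fchmod(dfd, 644)` change appears in the o_search_unpriv_flag2 hunk further down. Separately, the last `openat()` is now required to succeed but its descriptor is not closed before `close(dfd)`. The test body starts outside the hunk.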
@@ -249,7 +270,7 @@ ATF_TC_BODY(o_search_unpriv_flag2, tc) ATF_REQUIRE(faccessat(dfd, BASEFILE, W_OK, 0) == 0); - ATF_REQUIRE(fchmod(dfd, 744) == 0); + ATF_REQUIRE(fchmod(dfd, 644) == 0); ATF_REQUIRE(faccessat(dfd, BASEFILE, W_OK, 0) == 0); @@ -264,7 +285,10 @@ ATF_TC_CLEANUP(o_search_unpriv_flag2, tc { (void)unlink(FILE); (void)rmdir(DIR); -} +} + +#endif /* USE_O_SEARCH */ + ATF_TC_WITH_CLEANUP(o_search_notdir); ATF_TC_HEAD(o_search_notdir, tc) @@ -295,11 +319,15 @@ ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, o_search_perm1); +#ifdef USE_O_SEARCH ATF_TP_ADD_TC(tp, o_search_root_flag1); ATF_TP_ADD_TC(tp, o_search_unpriv_flag1); +#endif ATF_TP_ADD_TC(tp, o_search_perm2); +#ifdef USE_O_SEARCH ATF_TP_ADD_TC(tp, o_search_root_flag2); ATF_TP_ADD_TC(tp, o_search_unpriv_flag2); +#endif ATF_TP_ADD_TC(tp, o_search_notdir); return atf_no_error();