bug-gnulib@gnu.org mirror (unofficial)
 help / color / mirror / Atom feed
From: Kamil Dudka <kdudka@redhat.com>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Paul Eggert <eggert@cs.ucla.edu>, bug-gnulib@gnu.org
Subject: Re: [PATCH] fchmodat, lchmod: port to buggy Linux filesystems
Date: Wed, 11 Mar 2020 10:04:04 +0100	[thread overview]
Message-ID: <1847517.PYKUYFuaPT@nbkamil> (raw)
In-Reply-To: <87o8t40zz7.fsf@mid.deneb.enyo.de>

On Tuesday, March 10, 2020 8:30:36 PM CET Florian Weimer wrote:
> * Pádraig Brady:
> > On 10/03/2020 11:52, Florian Weimer wrote:
> >> * Pádraig Brady:
> >>> On 09/03/2020 18:51, Paul Eggert wrote:
> >>>> On 3/9/20 10:30 AM, Pádraig Brady wrote:
> >>>>> A very similar "ENOTSUP" problem is being reported with coreutils-8.32
> >>>>> with `mknod -m 666 /dev/random c 1 8` when trying to build Fedora
> >>>>> rawhide in a chroot.
> >>>>> https://bugzilla.redhat.com/1811038
> >>>> 
> >>>> I don't understand that bug report. The strace diff you mentioned in
> >>>> Comment 4 looks like the new mknod command is working. And yet the
> >>>> original bug report says new mknod command is complaining "Operation
> >>>> not
> >>>> supported".
> >>>> 
> >>>> Is the problem that some filesystems don't work with the chmod
> >>>> /proc/self/fd/NNN trick, and that it worked for you (the strace diff)
> >>>> but not for Mohan (the original bug report)?
> >>> 
> >>> Right, the strace is from my working mknod(1)
> >>> to show the differences between 8.31 and 8.32.
> >>> 
> >>> I've requested an strace from the failing system.
> >> 
> >> I guess it's possible that just isn't mounted at this point.
> >> 
> >> The glibc implementation will definitely *not* add racy fallback in
> >> case /proc is not available, so this will not work until someone
> >> implements the required system call.
> >> 
> >> It's not clear to my why the mknod command would need fchmodat at all.
> >> With the -m argument, it should simply set the umask to 0, and pass
> >> the mode bits to the mknod function.
> > 
> > umask is not used so as to cater for discrepancies between process and
> > default ACL masks:
> > https://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.21-51-ge
> > 7198a67b
> I just don't understand this explanation.  Is the concern here that
> you would get a different mode from the requested one if you use
> umask+mknod and not mknod+some form of chmod?
> 
> > An update re this issue.
> > The strace was supplied in https://bugzilla.redhat.com/1811038
> > which shows there is no fallback to chmod() in lchmod().
> > Now the gnulib code does fallback so this issue must be in the glibc
> > implementation.
> The glibc implementation needs /proc to avoid the race.  There is no
> way around that, otherwise we introduce a security vulnerability.

As I understand it, the change of lchmod() behavior in glibc is intended.
We do not want to revert it for obvious reasons.  On the other hand, the 
change of mknod behavior is unexpected and breaks existing software.

Would not it make sense to fix this in mknod by turning the EOPNOTSUPP
failure into a warning only?

Kamil




  parent reply	other threads:[~2020-03-11  9:04 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-13 18:42 [PATCH] fchmodat, lchmod: port to buggy Linux filesystems Paul Eggert
2020-02-14  3:29 ` Bruno Haible
2020-02-16 17:24   ` Bruno Haible
2020-02-16 18:31     ` Paul Eggert
2020-02-16 18:58       ` Bruno Haible
2020-02-14  3:46 ` Bruno Haible
2020-02-14 21:02   ` Paul Eggert
2020-02-16 21:38     ` Bruno Haible
2020-02-16 22:28       ` Bruno Haible
2020-02-22 23:46       ` Bruno Haible
2020-02-23  8:15         ` Paul Eggert
2020-02-23 10:58           ` Bruno Haible
2020-02-23 23:56             ` Paul Eggert
2020-02-24  2:27               ` overriding glibc stub functions Bruno Haible
2020-02-24  7:44                 ` Paul Eggert
2020-02-23  1:35 ` [PATCH] fchmodat, lchmod: port to buggy Linux filesystems Bruno Haible
2020-02-23  7:22   ` Paul Eggert
2020-03-09 17:30 ` Pádraig Brady
2020-03-09 18:51   ` Paul Eggert
2020-03-09 23:45     ` Pádraig Brady
2020-03-10 11:52       ` Florian Weimer
2020-03-10 15:09         ` Kamil Dudka
2020-03-10 19:27         ` Pádraig Brady
2020-03-10 19:30           ` Florian Weimer
2020-03-11  8:03             ` Paul Eggert
2020-03-11  8:45               ` Florian Weimer
2020-03-11 16:04                 ` Paul Eggert
2020-03-11  8:25             ` Paul Eggert
2020-03-11  8:40               ` Florian Weimer
2020-03-11  9:04             ` Kamil Dudka [this message]
2020-03-11 16:36               ` Paul Eggert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.gnu.org/mailman/listinfo/bug-gnulib

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1847517.PYKUYFuaPT@nbkamil \
    --to=kdudka@redhat.com \
    --cc=bug-gnulib@gnu.org \
    --cc=eggert@cs.ucla.edu \
    --cc=fw@deneb.enyo.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).