From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: AS22989 209.51.188.0/24
X-Spam-Status: No, score=-4.0 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,
	SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dcvr.yhbt.net (Postfix) with ESMTPS id F24041F47C
	for <normalperson@yhbt.net>; Wed,  4 Jan 2023 20:54:29 +0000 (UTC)
Authentication-Results: dcvr.yhbt.net;
	dkim=pass (1024-bit key; unprotected) header.d=renesas.com header.i=@renesas.com header.a=rsa-sha256 header.s=selector1 header.b=kjvO/Azl;
	dkim-atps=neutral
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnulib-bounces@gnu.org>)
	id 1pDAmB-0003Xq-Do; Wed, 04 Jan 2023 15:54:19 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ondrej.valousek.xm@renesas.com>)
 id 1pDAm6-0003XO-5j
 for bug-gnulib@gnu.org; Wed, 04 Jan 2023 15:54:14 -0500
Received: from mail-tycjpn01on2109.outbound.protection.outlook.com
 ([40.107.114.109] helo=JPN01-TYC-obe.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ondrej.valousek.xm@renesas.com>)
 id 1pDAm3-0002RG-JB
 for bug-gnulib@gnu.org; Wed, 04 Jan 2023 15:54:13 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=XqfAZ3ioiwmwHvPIKf/jxP4NGrL1l9pAC1cFVLvnjbnHMetZFG3um+kpfnTyJ2VXDxqrpyezW5kE23DQHfp0RzD0hrGmkFQv4FYQj6D/RxI1JzAu/1Sw+so5U4xYJRkG9cuBY1Qv7E2ngSfX0SXxfZjqhzzgMkTrAtF6SbsuoVkF4h3Ib1WfYUfCevwP8mOx6glcQ2JdGy7RIXEk7djNZ6Q8/zxhx2mvJKnvr7yvDcphT1Ks0Dqot6pLHvfHkoGdcmW+JB1qH57XTqIVmAsNjVDQveLDXZvxNz/rZGNnI+nnTqnXv8yLqgU35440cPnVQwPnJ2aTdLau3kB44e8U8w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=UAgjxXVt77S27DmiD7IKJjPv7HcKZhpWDUbikQvGeRw=;
 b=jPf+O5XojRWaTMBWPIGq6APN+kP7OiLFPxbuO+6JeOXnsl+mkJXT97LXgVc7F+qOAa54TwfwJ9Hat+I2c3fgiUhSDo+Apy67gZ4K6MJATlO8Hstbeb0NbHS7EGHctvESurDMbsNU7IVeyw2zV+AMLGKYHELnboGGSuRP50wOuR78HJl4BM29aMtQpY1qm7Iv/HT1RnP6Pnm/GnVEk+Q/WIdXQfmVx8D1uTVJfASp9PWtrqTvZhsn9P1KpjcYCJDoNI9Wn5HTb033cK54RZugd9xGRkR5or306R42qHn5+/9lR+4s6IbYRgBQM2Av+Ff+rh9MByyRahNOccZXr30mBw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=renesas.com; dmarc=pass action=none header.from=renesas.com;
 dkim=pass header.d=renesas.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=renesas.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=UAgjxXVt77S27DmiD7IKJjPv7HcKZhpWDUbikQvGeRw=;
 b=kjvO/AzlhOzdRIZmKQsNLkYxI/0gx0pnCZzZjf12org/Dxzj5omj9JxCRA2NKxNAWBcY6MWzo29eEI/McRCfLX84/tV1bx9tFYlfiqSD/lML4UER9K2PEwh3fFwZADtN5yH0nP5XlW/CuHrvaP/fPfgzSmWEgTF4abYVNr62ZzM=
Received: from TYXPR01MB1854.jpnprd01.prod.outlook.com (2603:1096:403:d::19)
 by TYWPR01MB9325.jpnprd01.prod.outlook.com (2603:1096:400:1a2::7) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5944.19; Wed, 4 Jan
 2023 20:54:06 +0000
Received: from TYXPR01MB1854.jpnprd01.prod.outlook.com
 ([fe80::588e:988e:be0a:2538]) by TYXPR01MB1854.jpnprd01.prod.outlook.com
 ([fe80::588e:988e:be0a:2538%4]) with mapi id 15.20.5944.019; Wed, 4 Jan 2023
 20:54:06 +0000
From: Ondrej Valousek <ondrej.valousek.xm@renesas.com>
To: Paul Eggert <eggert@cs.ucla.edu>, Bruno Haible <bruno@clisp.org>,
 "bug-gnulib@gnu.org" <bug-gnulib@gnu.org>
Subject: Re: [PATCH] Use xattr (Linux) in qcopy-acl.c
Thread-Topic: [PATCH] Use xattr (Linux) in qcopy-acl.c
Thread-Index: AQHZIEm/0GtwAM3LiUSSLrpeKTj90K6OVh6AgABPJYCAAA/AOg==
Date: Wed, 4 Jan 2023 20:54:05 +0000
Message-ID: <TYXPR01MB1854E3B8F44013CC232E4ECED9F59@TYXPR01MB1854.jpnprd01.prod.outlook.com>
References: <20230104143425.1235741-1-ondrej.valousek.xm@renesas.com>
 <10191473.L8ug28u51p@nimes>
 <e46d9ca3-600d-aa46-809f-89e3b9b9879b@cs.ucla.edu>
In-Reply-To: <e46d9ca3-600d-aa46-809f-89e3b9b9879b@cs.ucla.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=renesas.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: TYXPR01MB1854:EE_|TYWPR01MB9325:EE_
x-ms-office365-filtering-correlation-id: 63437026-4355-4d09-a851-08daee95d18c
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: JdZI2JfmrDQradhknYZrqCM2M2475/7F+ACs6K02g0SnfvOmPk5geq33uvTrOM+z7883t9s6REEVoGWeOfL8mlzh9IOdb/KSvfF9E0voRRMyIj+FuOFAoIEfi6qyPaC+GnEh3EjwD89dOUvi7DbLCTm/omhe5ywfLupTwuRAr1vCUeWNRjKpPc+mDPhhUZBb4zKBeBVYhmip1DSPd2ik8coxv19U7KNTHoV2ZXGXeWYiFWaOQgpQVlUzhm21iD4M84vb8qch4AyGXPLE24LjGX3zF0D+gwKflrX2oPaEhtBqn7LPYdzREOEQK8s4BjUfoRwIBJwd9G3gbKX4lqW9vZMYcvXWqOou4HXuCNQZ9QqAVF410jJ8tan58NxvZcc1+VC4aMbwi8pPMYVdjZPueHy/3KYaJTgG5bHi5M6WsgoHKbg/UDLEjhOcclFzUQnGPF4hr9qAoJsut7R4eFbdt43BxcttFyI0PnF+Y+b+f6Ubqs/QxHiifVxG/m9U+S9txxxWQaElmOe4lTzYmpyJslv9GwZ3VqFesVd0X4O8aV9arX/tsZVCVsu3S3DVMQLUJMWUABvnB2AweLOjMapiGcEWVgfd/Z10mEGwxZ56fkMBhs10K7FeKxTbW3N6QuXgpzt9YIMsEhyJggjH+mx617LaONgpa1yIJZ1NK+Un4ad4G22RHrYfx8cW40vm3LSqpoCxzTQtTEU+RlWdzDJY4g==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:TYXPR01MB1854.jpnprd01.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(13230022)(4636009)(346002)(376002)(366004)(136003)(39860400002)(396003)(451199015)(83380400001)(8936002)(38070700005)(86362001)(52536014)(2906002)(5660300002)(38100700002)(122000001)(41300700001)(55016003)(186003)(71200400001)(7696005)(478600001)(8676002)(91956017)(64756008)(66446008)(9686003)(6506007)(316002)(26005)(110136005)(66946007)(76116006)(66476007)(66556008)(33656002);
 DIR:OUT; SFP:1102; 
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?D8s8AhepFaAZVor8i9ToMf2HAmJ6uDUOOUwVhiKUy7KY4Y0PFlkj5JI3Os2F?=
 =?us-ascii?Q?d2/zp54ye4bNw3Wgj3R9ftlM1tskwSuvhj+3kFjRu3QYmieTNumcoldSZyJ6?=
 =?us-ascii?Q?VmCeQuMG5DVskPyQddVCSl4c86MvfI9+2nDQ59O/m4TXsOUdewtoaJAZ7F1J?=
 =?us-ascii?Q?pM7E7lfLUplwfFMWphyOXWvCPjlD01yp5Jfql99h4luEJQFCvJNRCyRjX8Ay?=
 =?us-ascii?Q?XJIP+l8x2dMhsi/oQaJu/BBUKvrtCGmg9aU1ZwC84S8ywPJ3GetRBfqnba6u?=
 =?us-ascii?Q?WZhTspq6ZEX6spFnpikpUlytFUC5wBQtgpEAGRkEiW0CkIMxf5CKG43JMsai?=
 =?us-ascii?Q?qPPfVc2ogEHiuI1PSwwTs9293LQPzHBZ9KVKomx7kzJbEUOlXjTX5OO58Nyd?=
 =?us-ascii?Q?4Qo4162Bg/11bNgCe7DnPptakjkHiL0HShvWgtkKYg9NU3swxWPEHxETedXK?=
 =?us-ascii?Q?eUMzOBToZHgWx5myQmDNKx8kermT490ArvOhXTyANxbBnOsFIrrmtMQArSmi?=
 =?us-ascii?Q?UWhcCGbVqCBtPvZF9mPUcnpjUp2cOCCeqpj+vmCt0XdYRGKzN6FKFXV2RDoG?=
 =?us-ascii?Q?rZ/9JaIe1SK39ugh2GNNhpULEOYThQtF6q42z7n74ojrJABmCju5RfMcOuM1?=
 =?us-ascii?Q?qiqf/98m7O+d3gytUfIBdP0QDKGYRP+BfCG3pyDkA1v5DVopbbpmwjminkue?=
 =?us-ascii?Q?V4o8iGJTv+LU6MnF94hjS5hXZzFEbYIlk6W94byxw/Ho0TGJEeNt4vXiZ82C?=
 =?us-ascii?Q?lircljqNb+ZpWnSflX4TxvfHgI/jZMY4Ij7W4F6vHUrzt9nrkx3Rq9txwM26?=
 =?us-ascii?Q?yqVFc0lZvjs9x1iTRBc7VgZTZTcLfuOzeK19jLwGfRBfmDVBm0aAZ7Hxj3PJ?=
 =?us-ascii?Q?LsFCgETMJSwgZ6XyAezMn+vnD1fnONlF9coo0MXKl+rRbR+3nCGDpcmsPh5d?=
 =?us-ascii?Q?vBqpPeMXKrwIB0/Dg+CsBRcy0Syt8mOlnucdy0FIuNejxv4aGnnedLwhvJhH?=
 =?us-ascii?Q?7Ffxez+B4Mv6+gds+mjZjkPQmuJGhkndDcJI85bo6hi7FmFpr9SkYzcYSCyo?=
 =?us-ascii?Q?f6zAXWANhCnA6Rz21PCo0AYTKM7bfrifqU9mFBqbqoaZxZ5VGEL1iEMusBmd?=
 =?us-ascii?Q?z9oW4CWTe5xqKMxbgl/uNu1HyFSdGIjXgHKniMdS0/izgmCAzzu5HXbnAxgw?=
 =?us-ascii?Q?xzdZQhHNFeP6vmzcsTIzEcPydlfDVSat1UrFamGemlsl5871WmIe5ACtPiQt?=
 =?us-ascii?Q?GECKEfub9yEaGGTE8HgX2tj9eEO/SwcBieXQvhsjlDASq/dj7etkGzJE5Ac1?=
 =?us-ascii?Q?Kv/G+xbo8oi7O5wIj+kCfjI5/62XF8TO9asr1vP052eztGlUEG3xjOx2hrdG?=
 =?us-ascii?Q?PcDXqh2nWbIBTVNnp1JqLfpI5pnrdk4Vhbmz71oCpc2bRd4iuk5TVNsHVATU?=
 =?us-ascii?Q?JQQxivGLbTlvo9IfSgWJocs+f9nHk2foRw0/k32C+sB0kRb9n9s7WjOT9Luk?=
 =?us-ascii?Q?UpScoxd6OOsp7C//bsrriT+LHkZ8Y54Df4Jf+vEdomUdJMCrBYUsfyD++PAG?=
 =?us-ascii?Q?i0oQ1tRPsyTH+khDBWkh5JmoSewL+1LX0k1yU9CPsupj/8iWVlkkcF6eFiDv?=
 =?us-ascii?Q?HsVN04pZ5b08fqa03hsPXYw=3D?=
Content-Type: multipart/alternative;
 boundary="_000_TYXPR01MB1854E3B8F44013CC232E4ECED9F59TYXPR01MB1854jpnp_"
MIME-Version: 1.0
X-OriginatorOrg: renesas.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: TYXPR01MB1854.jpnprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 63437026-4355-4d09-a851-08daee95d18c
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Jan 2023 20:54:05.9384 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 53d82571-da19-47e4-9cb4-625a166a4a2a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: jOJjzjDt6zEr4h15oG46lM5bPr0SsE0pGO+v7kClOHMNBGEX5xE+QrsgMU4yRoaIGHK1f7Nw+CUWqG5Zoxzyt79GRNA/2hSAo9f+h69+HrA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYWPR01MB9325
Received-SPF: pass client-ip=40.107.114.109;
 envelope-from=ondrej.valousek.xm@renesas.com;
 helo=JPN01-TYC-obe.outbound.protection.outlook.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: bug-gnulib@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gnulib discussion list <bug-gnulib.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnulib>,
 <mailto:bug-gnulib-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnulib>
List-Post: <mailto:bug-gnulib@gnu.org>
List-Help: <mailto:bug-gnulib-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnulib>,
 <mailto:bug-gnulib-request@gnu.org?subject=subscribe>
Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org
Sender: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org

--_000_TYXPR01MB1854E3B8F44013CC232E4ECED9F59TYXPR01MB1854jpnp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


> Perhaps you can fix
this by fixing the Link sections of the relevant modules to use
$(LIB_HAS_ACL) instead of $(LIB_ACL). That is, for each module where you
added $(LIB_XATTR), replace its $(LIB_ACL) with $(LIB_HAS_ACL) if the
only reason it needed $(LIB_ACL) was to copy attributes.

Nope. LIB_HAS_ACL has value only if glibc does not know getxattr() system c=
all. It has nothing to do with libattr (yes, it's bit confusing).
Why don't we solve the linker problem with the "--as-needed" option? This w=
ill make linker clever enough not to link libraries that are not needed.

> Also, come to think of it, is there a security issue between the
chmod_or_fchmod call, and the attr_copy_fd call? That is, could the file
temporarily be set to too-generous permissions, between the two calls? A
comment explaining this issue would help.

It depends on a kernel ACL implementation. On Linux the ACLs make the permi=
ssions only more opened (hence my code would be fine).
In contrast, on Solaris/ZFS, the opposite could happen.
NetApp NFSv4 server even allows you to break RFC7530 the way that chmod 0 <=
file> will still allow the inherited ACLs to be applied.
In general, I'd say we should be secure here.


--_000_TYXPR01MB1854E3B8F44013CC232E4ECED9F59TYXPR01MB1854jpnp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body>
<div style=3D"color: rgb(33, 33, 33); background-color: rgb(255, 255, 255);=
" dir=3D"auto">
<br>
</div>
<div id=3D"ms-outlook-mobile-signature" dir=3D"auto">
<div id=3D"mail-editor-reference-message-container" dir=3D"auto"><font size=
=3D"2"><span style=3D"font-size:11pt;">
<div class=3D"PlainText" dir=3D"auto">&gt; Perhaps you can fix <br>
this by fixing the Link sections of the relevant modules to use <br>
$(LIB_HAS_ACL) instead of $(LIB_ACL). That is, for each module where you <b=
r>
added $(LIB_XATTR), replace its $(LIB_ACL) with $(LIB_HAS_ACL) if the <br>
only reason it needed $(LIB_ACL) was to copy attributes.<br>
<br>
Nope. LIB_HAS_ACL has value only if glibc does not know getxattr() system c=
all. It has nothing to do with libattr (yes, it's bit confusing).</div>
<div class=3D"PlainText" dir=3D"auto">Why don't we solve the linker problem=
 with the &quot;--as-needed&quot; option? This will make linker clever enou=
gh not to link libraries that are not needed.</div>
<div class=3D"PlainText" dir=3D"auto"><br>
&gt; Also, come to think of it, is there a security issue between the <br>
chmod_or_fchmod call, and the attr_copy_fd call? That is, could the file <b=
r>
temporarily be set to too-generous permissions, between the two calls? A <b=
r>
comment explaining this issue would help.<br>
</div>
<div class=3D"PlainText" dir=3D"auto"><br>
</div>
<div class=3D"PlainText" dir=3D"auto">It depends on a kernel ACL implementa=
tion. On Linux the ACLs make the permissions only more opened (hence my cod=
e would be fine).</div>
<div class=3D"PlainText" dir=3D"auto">In contrast, on Solaris/ZFS, the oppo=
site could happen.&nbsp;</div>
<div class=3D"PlainText" dir=3D"auto">NetApp NFSv4 server even allows you t=
o break RFC7530 the way that chmod 0 &lt;file&gt; will still allow the inhe=
rited ACLs to be applied.&nbsp;</div>
<div class=3D"PlainText" dir=3D"auto">In general, I'd say we should be secu=
re here.</div>
</span></font><br>
</div>
</div>
</body>
</html>

--_000_TYXPR01MB1854E3B8F44013CC232E4ECED9F59TYXPR01MB1854jpnp_--