From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS17314 8.43.84.0/22 X-Spam-Status: No, score=-4.2 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 59BB61F9E0 for ; Thu, 30 Apr 2020 11:16:00 +0000 (UTC) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 921AA389850F; Thu, 30 Apr 2020 11:15:59 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 921AA389850F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1588245359; bh=IPWFhdoKY1rlBUufn5J6UTXidpBjwFxE9VS3HBIl5yU=; h=To:Subject:References:Date:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=TBbnK6QPSHLe/afn4HIqhhm5FTtEyzoij9AXLJNIzj4wb2OGr1x6jFp9ITgXr7btu dz3IVni7wa2JbwnWZAePzSr4TUDgE3SED5Fv1zS3kWOWKCnRcyfrZworXAClauFk3Y rIZcYz292DEtyhfk1xm40a0ObcGzu5dyamMmDM00= Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) by sourceware.org (Postfix) with ESMTP id 8543E389682D for ; Thu, 30 Apr 2020 11:15:56 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 8543E389682D Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-191-JQeph5WkOfanPru-ptysGQ-1; Thu, 30 Apr 2020 07:15:54 -0400 X-MC-Unique: JQeph5WkOfanPru-ptysGQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4C46B1895A28; Thu, 30 Apr 2020 11:15:53 +0000 (UTC) Received: from oldenburg2.str.redhat.com (ovpn-113-72.ams2.redhat.com [10.36.113.72]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 716AB1001920; Thu, 30 Apr 2020 11:15:52 +0000 (UTC) To: Alexandra =?utf-8?B?SMOhamtvdsOh?= via Libc-alpha Subject: Re: [PATCH] Linux: Add execveat system call wrapper References: <20200428122019.26826-1-ahajkova@redhat.com> Date: Thu, 30 Apr 2020 13:15:50 +0200 In-Reply-To: <20200428122019.26826-1-ahajkova@redhat.com> ("Alexandra =?utf-8?B?SMOhamtvdsOh?= via Libc-alpha"'s message of "Tue, 28 Apr 2020 14:20:19 +0200") Message-ID: <87pnbpmdg9.fsf@oldenburg2.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Florian Weimer via Libc-alpha Reply-To: Florian Weimer Cc: Alexandra =?utf-8?B?SMOhamtvdsOh?= Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" So it turns out that openat and execveat have totally different flags arguments, and translation is needed. The execveat manual page says this: AT_EMPTY_PATH If pathname is an empty string, operate on the file referred= to by dirfd (which may have been obtained using the open(2) O_P= ATH flag). AT_SYMLINK_NOFOLLOW If the file identified by dirfd and a non-NULL pathname i= s a symbolic link, then the call fails with the error ELOOP. fs/exec.c in the kernel sources handles flags in the do_open_execat function: =09if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) !=3D 0) =09=09return ERR_PTR(-EINVAL); =09if (flags & AT_SYMLINK_NOFOLLOW) =09=09open_exec_flags.lookup_flags &=3D ~LOOKUP_FOLLOW; =09if (flags & AT_EMPTY_PATH) =09=09open_exec_flags.lookup_flags |=3D LOOKUP_EMPTY; =09file =3D do_filp_open(fd, name, &open_exec_flags); So the manual page is correct and there are only two flags to support. So I think we have to do this: * If there are more flags than just the two, fail with EINVAL. * To handle AT_EMPTY_PATH, do not open a new file descriptor (using openat) if AT_EMPTY_PATH is specified *and* the file name is "". * To handle AT_SYMLINK_NOFOLLOW, openat needs to be called with O_NOFOLLOW in that case (in addition to O_CLOEXEC). The behavior with AT_EMPTY_PATH/"" and AT_SYMLINK_NOFOLLOW at the same time is not immedately obvious from the kernel code, so I wrote a small test program (/bin/sh is a symbolic link to /bin/bash on this system): #include #include #include #include int main (void) { int fd =3D open ("/bin/sh", O_PATH | O_NOFOLLOW); if (fd < 0) err (1, "open"); static char *const argv[] =3D { "sh", "-c", "exit 0", NULL }; static char *const envp[] =3D { NULL }; syscall (SYS_execveat, fd, "", argv, envp, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW); err (1, "execveat"); } This fails: openat(AT_FDCWD, "/bin/sh", O_RDONLY|O_NOFOLLOW|O_PATH) =3D 3 execveat(3, "", ["sh", "-c", "exit 0"], 0x402040 /* 0 vars */, AT_SYMLINK_N= OFOLLOW|AT_EMPTY_PATH) =3D -1 ELOOP (Too many levels of symbolic links) [=E2=80=A6] execveat-opath-symlink: execveat: Too many levels of symbolic links So I think for the AT_EMPTY_PATH/"" and AT_SYMLINK_NOFOLLOW case, we need to call fstatat64 with AT_EMPTY_PATH and see if st_mode indicates that the descriptor refers to a symbolic link. If it does, the function needs to fail with ELOOP. AT_EMPTY_PATH without a "" file name does not need special treatment and can use the regular openat path (with the conditional setting of O_NOFOLLOW). Thanks, Florian