From owner-freebsd-security@FreeBSD.ORG Wed Jan 11 06:35:09 2006 Return-Path: X-Original-To: freebsd-security@FreeBSD.org Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 12A3C16A41F; Wed, 11 Jan 2006 06:35:09 +0000 (GMT) (envelope-from bde@zeta.org.au) Received: from mailout1.pacific.net.au (mailout1.pacific.net.au [61.8.0.84]) by mx1.FreeBSD.org (Postfix) with ESMTP id 624EC43D49; Wed, 11 Jan 2006 06:35:08 +0000 (GMT) (envelope-from bde@zeta.org.au) Received: from mailproxy2.pacific.net.au (mailproxy2.pacific.net.au [61.8.0.87]) by mailout1.pacific.net.au (8.13.4/8.13.4/Debian-3) with ESMTP id k0B6Z0kH001382; Wed, 11 Jan 2006 17:35:00 +1100 Received: from katana.zip.com.au (katana.zip.com.au [61.8.7.246]) by mailproxy2.pacific.net.au (8.13.4/8.13.4/Debian-3) with ESMTP id k0B6YwfA002904; Wed, 11 Jan 2006 17:34:58 +1100 Date: Wed, 11 Jan 2006 17:34:58 +1100 (EST) From: Bruce Evans X-X-Sender: bde@delplex.bde.org To: joe In-Reply-To: <200601110309.k0B39SQ8006489@www.freebsd.org> Message-ID: <20060111171411.O73013@delplex.bde.org> References: <200601110309.k0B39SQ8006489@www.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-bugs@FreeBSD.org, freebsd-gnats-submit@FreeBSD.org, dds@FreeBSD.org Subject: Re: bin/91622: /bin/cp does not update atime of the source file X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Jan 2006 06:35:09 -0000 On Wed, 11 Jan 2006, joe wrote: >> Environment: > RELENG_4 20051028 >> Description: > [cp fails to update atime] > > this occurs regardless of whether or not the user has > rwx permissions on the source file. does not apply of > course if the source filesystem is mounted read-only. > they are read-write here. > > since the source file is indeed being read, the atime should be updated. This is because cp(1) doesn't actually read(2) the file. It mmap(2)'s the file and reads memory. POSIX doesn't seem to require that cp sets atimes or otherwise acts as if it reads the file. Similar for cmp(1) and other utilities that use mmap() to read files (install(1) is another). The problem is mostly fixed in -current by "setting" (not actually setting, but marking for update) atimes in mmap(). I think to be strictly correct, setting of atimes should be nearer to munmap(2) than mmap(). No read has occurred from userland's viewpoint at mmap() time. However, since the OS can't tell if applications read mmapped memory unless their is a pagefault, the atime would have to be set on every pagefault to be as correct as possible, and I think mmap() prefaults some pages so it would have to set the atime whether or not the application reads the pages. So I think setting atimes in mmap() is required in practice. This leaves the problem that later pagefaults never set the atime, so the atime set by mmap() becomes out of date. I think the atime should be set by mmap() of there is at least one later pagefault. Setting it for every pagefault may be too inefficient. Bruce