Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 31 Mar 2008 20:23:14 +0300
From:      Kostik Belousov <kostikbel@gmail.com>
To:        current@FreeBSD.ORG
Subject:   Re: Openat() and fexecve() committed
Message-ID:  <20080331172314.GO21209@deviant.kiev.zoral.com.ua>
In-Reply-To: <20080331163747.GA5468@zim.MIT.EDU>
References:  <20080331153006.GK21209@deviant.kiev.zoral.com.ua> <20080331163747.GA5468@zim.MIT.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help 

--vDEbda84Uy/oId5W
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Mar 31, 2008 at 12:37:47PM -0400, David Schultz wrote:
> On Mon, Mar 31, 2008, Kostik Belousov wrote:
> > int main() {
> >    int dfd =3D open("/tmp/foo", O_RDONLY);
> >    int res;
> >   =20
> >    chmod("/tmp/foo", 0666);
> >   =20
> >    if (dfd !=3D -1) {
> >       res =3D openat(dfd, "bar", 0);
> >       printf("OPENAT returns: %d, errno: %s\n", res, strerror(errno));
> >    }
> >=20
> > }
> >=20
> > gives the error EACCESS on both Linux and FreeBSD, and succeeds on Sola=
ris.
> > The Solaris behaviour seems to be specified in the document cited above.
> > There are arguments in support of the both observed behaviour.
>=20
> Doesn't the latter behavior make it possible to bypass the usual
> permission checks on open("bar") via openat(AT_FDCWD, "bar")?
No, the point is that in the second case the permissions are checked
at the open() time, instead of the second case, where the permissions
are checked at the openat() time.

This is the same as open()ing some file, e.g., for read, and then revoking
the r bit from the vnode. You still can read the file given code did not
closed the filedescriptor.

--vDEbda84Uy/oId5W
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (FreeBSD)

iEYEARECAAYFAkfxHgEACgkQC3+MBN1Mb4hLcwCcCpVcdlQDkpSkplves3tZcsmb
ivgAoOnuX1FOnNZxY5/lh75gGPtheg9a
=QmML
-----END PGP SIGNATURE-----

--vDEbda84Uy/oId5W--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080331172314.GO21209>