From owner-freebsd-hackers@FreeBSD.ORG Wed Oct 6 17:58:22 2010 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3EAFA106566B; Wed, 6 Oct 2010 17:58:22 +0000 (UTC) (envelope-from yanegomi@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id E8A948FC18; Wed, 6 Oct 2010 17:58:21 +0000 (UTC) Received: by iwn8 with SMTP id 8so1498680iwn.13 for ; Wed, 06 Oct 2010 10:58:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=WMePUYtMdqeTLJxva3zMGA7zReFSFcYt8u44Pjnd/fE=; b=XFaeYU+DX+oMH1krJKNIUaXxaT7N5YMmBV+bebJ9XdSOMDcRYcC51bjksujoD/wP4w Vg1PED4Xqogn6XoJFhPLBP1Jc4J29U93h4aijKXWtUCqPl3pVk87dLZRmgsCm6NfoDpO EqtcPpE1mlK127tFpkGwxW6z4kje5FBn9AGCA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=kRW2RNDAoC4558fvZVgr2ubIxNlP+DBNDZhWdGyKnHzAgb+TWMX9HjUJimD8jz/U67 DWUnArmxCPXcr6d9IAdF8b463VS5gemmmYXNp5yMIOFB0dj3I8Q1vsuFf8KZcrECwRwP Sy9nqyZvRsyPpEaUPYrIwSYD3dVDj+edGNMM4= MIME-Version: 1.0 Received: by 10.231.19.74 with SMTP id z10mr14311557iba.120.1286387901089; Wed, 06 Oct 2010 10:58:21 -0700 (PDT) Sender: yanegomi@gmail.com Received: by 10.231.184.3 with HTTP; Wed, 6 Oct 2010 10:58:21 -0700 (PDT) In-Reply-To: <20101006173522.GA92402@freebsd.org> References: <20101005235054.GA45827@freebsd.org> <20101006173522.GA92402@freebsd.org> Date: Wed, 6 Oct 2010 10:58:21 -0700 X-Google-Sender-Auth: 5vGnhKdf4-Y_umTZMHCQ3YCHQXM Message-ID: From: Garrett Cooper To: Alexander Best Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-hackers@freebsd.org Subject: Re: issue with unsetting 'arch' flag X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Oct 2010 17:58:22 -0000 On Wed, Oct 6, 2010 at 10:35 AM, Alexander Best wrote= : > On Wed Oct =A06 10, Garrett Cooper wrote: >> On Tue, Oct 5, 2010 at 4:50 PM, Alexander Best wro= te: >> > hi there, >> > >> > i think the following example shows the problem better than a long exp= lanation: >> > >> > `touch ftest && chflags arch ftest && chflags -vv 0 ftest`. >> > =A0^^non-root =A0 =A0 ^^root =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0^^non-root >> > >> > chflags claims to have cleared the 'arch' flag (which should be imposs= ible as >> > non-root user), but indeed has done nothing. >> > >> > i've tried the same with 'sappnd' and that works as can be expected. >> > >> > The issue was confirmed to exist in HEAD (me), stable/8 (pgollucc1, jp= aetzel) >> > and stable/7 (nox). >> > On stable/6 it does NOT exist (jpaetzel). chflags properly fails with = EPERM. >> >> =A0 =A0 Fails for me when I call the syscall directly, as I would expect= , >> and passes when I'm superuser: >> >> $ ./test_chflags >> (uid, euid) =3D (1000, 1000) >> test_chflags: chflags: Operation not permitted >> test_chflags: lchflags: Operation not permitted >> $ sudo ./test_chflags >> (uid, euid) =3D (0, 0) >> >> =A0 =A0 According to my basic inspection in strtofflags >> (.../lib/libc/gen/strtofflags.c), it works as well. >> =A0 =A0 And last but not least, executing the commands directly on the C= LI work: >> >> $ tmpfile=3D`mktemp /tmp/chflags.XXXXXX` >> $ chflags arch $tmpfile >> chflags: /tmp/chflags.nQm1IL: Operation not permitted >> $ rm $tmpfile >> $ tmpfile=3D`mktemp /tmp/chflags.XXXXXX` >> $ sudo chflags arch $tmpfile >> $ sudo chflags noarch $tmpfile >> $ rm $tmpfile > > thanks for your test app and helping out with this problem. i'm not sure > however you understood the problem. probably i didn't explain it right: > > $ sudo rm -d /tmp/chflags.XXXXXX > $ tmpfile=3D`mktemp /tmp/chflags.XXXXXX` > $ sudo chflags arch $tmpfile > $ chflags noarch $tmpfile > > is what's causing the problem. the last chflags call should fail, but it > doesn't. Sorry... my CLI based example was stupid. I meant: $ tmpfile=3D`mktemp /tmp/chflags.XXXXXX` $ chflags arch $tmpfile chflags: /tmp/chflags.V2NpXR: Operation not permitted $ chflags noarch $tmpfile $ rm $tmpfile Currently chflags(2) states: The SF_IMMUTABLE, SF_APPEND, SF_NOUNLINK, and SF_ARCHIVED flags may on= ly be set or unset by the super-user. Attempts to set these flags by non= - super-users are rejected, >>> attempts by non-superusers to clear flags that are already unset are silently ignored. <<< These flags may be set at= any time, but normally may only be unset when the system is in single-user mode. (See init(8) for details.) So this behavior is already well documented :). The EPERM section should really note SF_ARCHIVED though (whoever added the flag forgot to add that particular item to the ERRORS section). >> =A0 =A0 Your results may (but shouldn't) vary [unless your environment i= s >> setup differently]... >> =A0 =A0 Please note that I'm using UFS2 with SUJ... not all filesystems >> support this (ext2/3/4? msdosfs? ZFS?), so I would be careful about >> which filesystem you pick and whether or not there's a bug where it's >> not properly identifying that the operation you're attempting to >> perform is valid. >> Thanks, >> -Garrett >> >> $ uname -a >> FreeBSD bayonetta.local 9.0-CURRENT FreeBSD 9.0-CURRENT #9 r211309M: >> Thu Aug 19 22:50:36 PDT 2010 >> root@bayonetta.local:/usr/obj/usr/src/sys/BAYONETTA =A0amd64 Thanks, -Garrett