From: Tim Robbins
Date: Sat, 8 May 2004 17:00:40 +1000
To: Bruce M Simpson
Cc: Marc Olzheim
Cc: Poul-Henning Kamp
Cc: freebsd-current@www.freebsd.org
Subject: Re: Unified getcwd() implementation
Message-ID: <20040508070040.GA20138@cat.robbins.dropbear.id.au>
In-Reply-To: <20040508044207.GB38736@empiric.dek.spc.org>

On Sat, May 08, 2004 at 05:42:07AM +0100, Bruce M Simpson wrote:
> On Sat, May 08, 2004 at 01:02:58PM +1000, Tim Robbins wrote:
> > I don't see how it differs from what we already do in userland.
>
> Quite a bit different, actually. I refer the honorable gentleman to
> Marc Olzheim's message with the Message-ID: <20040507105355.GA93808@stack.nl>.

The message that you refer to says:

"Because getcwd() is a function that might or might not return EACCESS in the
current implementation, depending on whether the current path is in the cache
or not. If in /a/b/c/ directory b is unreadable for a user, /a/b/c is returned
by getcwd() as long as it is in the cache (kernel), if not, the libc getcwd
tries to resolve it, but fails."

This is obviously a bug in the current implementation -- it should use
VOP_ACCESS to check that the calling process has access to the vnodes of the
current directory and its parents. How does the patch in question address this
issue? Both the current implementation and the proposed new implementation try
to find the pathname using the namecache without authorization checks, then if
that fails, go on to read the directories, but this time with authorization
checks. What is the difference?

Tim
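
The inconsistency discussed in this message, as an added example that is not part of the original post or of FreeBSD's code: a toy userland model of the /a/b/c case from the quoted text. All names are hypothetical; `accessible` is an assumption standing in for a VOP_ACCESS-style check on a directory, and `cached` for a name-cache hit on a component.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Toy model (constructed). `accessible`: the caller passes an access check
 * on this directory. `cached`: the name cache can resolve this component. */
struct dir {
    const char *name;
    struct dir *parent;   /* NULL for the root */
    int accessible;
    int cached;
};

/* Build the path of d into buf. With check_cached == 0, cached components
 * skip the access check on their parent (the behaviour described above);
 * uncached components are always checked, like the directory-reading
 * fallback. With check_cached == 1 every component is checked.
 * Returns 0 or EACCES. */
static int model_getcwd(const struct dir *d, int check_cached,
                        char *buf, size_t len)
{
    char tmp[256];

    buf[0] = '\0';
    for (; d != NULL && d->parent != NULL; d = d->parent) {
        if ((!d->cached || check_cached) && !d->parent->accessible)
            return EACCES;
        snprintf(tmp, sizeof(tmp), "/%s%s", d->name, buf);
        snprintf(buf, len, "%s", tmp);
    }
    if (buf[0] == '\0')
        snprintf(buf, len, "/");
    return 0;
}

/* Constructed scenario: /a/b/c where the caller has no access to b. */
static int scenario(int c_cached, int check_cached, char *buf, size_t len)
{
    struct dir root = { "", NULL, 1, 1 };
    struct dir a = { "a", &root, 1, 1 };
    struct dir b = { "b", &a, 0, 1 };
    struct dir c = { "c", &b, 1, c_cached };

    return model_getcwd(&c, check_cached, buf, len);
}

int main(void)
{
    char buf[256];
    printf("%d %d %d\n", scenario(1, 0, buf, sizeof(buf)),
        scenario(0, 0, buf, sizeof(buf)), scenario(1, 1, buf, sizeof(buf)));
    return 0;
}
```

With the check applied only on the fallback path, the result depends on cache state; checking every component makes the cached and uncached cases agree.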