Date: Sat, 8 May 2004 15:59:54 +0200
From: Marc Olzheim
To: Tim Robbins
Cc: Marc Olzheim, Bruce M Simpson, Poul-Henning Kamp, freebsd-current@www.freebsd.org
Subject: Re: Unified getcwd() implementation
Message-ID: <20040508135954.GA469@stack.nl>
In-Reply-To: <20040508070040.GA20138@cat.robbins.dropbear.id.au>
List-Id: Discussions about the use of FreeBSD-current

On Sat, May 08, 2004 at 05:00:40PM +1000, Tim Robbins wrote:
> The message that you refer to says:
> "Because getcwd() is a function that might or might not return EACCESS in
> the current implementation, depending on whether the current path is in
> the cache or not. If in /a/b/c/ directory b is unreadable for a user,
> /a/b/c is returned by getcwd() as long as it is in the cache (kernel),
> if not, the libc getcwd tries to resolve it, but fails."
>
> This is obviously a bug in the current implementation -- it should use
> VOP_ACCESS to check that the calling process has access to the vnodes
> of the current directory and its parents. How does the patch in question
> address this issue?

Could you please do me the honour of reading the PRs I mentioned?

> Both the current implementation and the proposed new implementation
> try to find the pathname using the namecache without authorization
> checks, then if that fails, go on to read the directories, but this
> time with authorization checks. What is the difference?

standards/44425 mentions why the current implementation is not a bug from
the standards point of view. bin/22291, kern/30527, kern/39331 and
kern/55993 are about issues we have because of the current
implementation.

What would be gained from this patch is:
- consistency
- getcwd() having elevated permission to actually be able to find the
  real cwd.

Now I know that getcwd() shouldn't be used as often as it is used today
and that fchdir() can be used instead most of the time, but most
software developed on a Linux platform assumes (incorrectly I guess)
that getcwd() always succeeds.

Marc
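Added example, not part of the original message and not FreeBSD code: the fchdir() alternative mentioned in the thread, applied to the /a/b/c case where b is made unreadable, so the return to the starting directory never depends on getcwd() or on re-resolving a path. The names with_dir, probe and demo are hypothetical, and the temporary tree under /tmp is constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* chdir to dir, run fn(arg), then return through a saved descriptor instead
 * of a getcwd() path. Returns fn's result, or -1 with errno set on failure. */
int with_dir(const char *dir, int (*fn)(void *), void *arg)
{
    int rc = -1, err = 0;
    int saved = open(".", O_RDONLY | O_DIRECTORY);
    if (saved < 0)
        return -1;
    if (chdir(dir) == 0) {
        rc = fn(arg);
        if (fchdir(saved) < 0) { rc = -1; err = errno; }
    } else {
        err = errno;
    }
    close(saved);
    if (err)
        errno = err;
    return rc;
}

/* Hypothetical unit of work done in the other directory. */
static int probe(void *arg) { (void)arg; return access(".", X_OK) == 0 ? 7 : -1; }

/* Constructed scenario: cwd is <tmp>/b/c and b loses all permissions.
 * Returns 1 if with_dir() lands back in c, 0 if not, -1 on setup error. */
int demo(void)
{
    char root[] = "/tmp/getcwd-demo-XXXXXX", b[PATH_MAX], c[PATH_MAX], cwd[PATH_MAX];
    struct stat before, after;
    if (!mkdtemp(root)) return -1;
    snprintf(b, sizeof b, "%s/b", root);
    snprintf(c, sizeof c, "%s/b/c", root);
    if (mkdir(b, 0700) || mkdir(c, 0700) || chdir(c)) return -1;
    if (chmod(b, 0) || stat(".", &before)) return -1;
    if (!getcwd(cwd, sizeof cwd)) perror("getcwd"); /* may fail with EACCES, per the thread */
    int rc = with_dir("/", probe, NULL);
    int same = rc == 7 && stat(".", &after) == 0 &&
               before.st_dev == after.st_dev && before.st_ino == after.st_ino;
    chmod(b, 0700);                          /* restore so the tree can be removed */
    if (chdir("/") == 0) { rmdir(c); rmdir(b); rmdir(root); }
    return same;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```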