Date: Sun, 9 May 2004 01:14:12 +1000
From: Tim Robbins
To: Marc Olzheim
cc: Bruce M Simpson
cc: Poul-Henning Kamp
cc: freebsd-current@www.freebsd.org
Subject: Re: Unified getcwd() implementation
Message-ID: <20040508151412.GA21857@cat.robbins.dropbear.id.au>
In-Reply-To: <20040508135954.GA469@stack.nl>

On Sat, May 08, 2004 at 03:59:54PM +0200, Marc Olzheim wrote:
> On Sat, May 08, 2004 at 05:00:40PM +1000, Tim Robbins wrote:
> > The message that you refer to says:
> > "Because getcwd() is a function that might or might not return EACCESS in
> > the current implementation, depending on whether the current path is in
> > the cache or not. If in /a/b/c/ directory b is unreadable for a user,
> > /a/b/c is returned by getcwd() as long as it is in the cache (kernel),
> > if not, the libc getcwd tries to resolve it, but fails."
> >
> > This is obviously a bug in the current implementation -- it should use
> > VOP_ACCESS to check that the calling process has access to the vnodes
> > of the current directory and its parents. How does the patch in question
> > address this issue?
>
> Could you please do me the honour of reading the PRs I mentioned?
>
> > Both the current implementation and the proposed new implementation
> > try to find the pathname using the namecache without authorization
> > checks, then if that fails, go on to read the directories, but this
> > time with authorization checks. What is the difference?
>
> standards/44425 mentions why the current implementation is not a bug in
> the standards point of view.
>
> bin/22291, kern/30527, kern/39331 and kern/55993 are about issues we
> have because of the current implementation.

You have already mentioned these, and I have read them.

> What would be gained from this patch is:
> - consistency

The only differences I can see between the current implementation and
the proposed new implementation are: (a) if not all the name components
are in the namecache, the (possibly stale) entries can be used instead of
those obtained through readdir, and (b) getcwd() works on unionfs again
because it compares vnode pointers instead of device/inode pairs. Am I
missing something?

> - getcwd() having elevated permission to actually be able to find the
> real cwd.

From what I can see, it still uses the caller's credentials in calls to
VOP_GETATTR(), VOP_LOOKUP() and VOP_READDIR().

Tim
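
The uncached fallback discussed in this message, reading parent directories and matching device/inode pairs, can be sketched in userland C. This is an added example, not part of the original message and not FreeBSD's libc or kernel code; walk_getcwd and SAME are hypothetical names. With the caller's credentials, opendir() on an unreadable parent (directory b in the quoted /a/b/c case) is where EACCES comes from.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define SAME(a, b) ((a).st_dev == (b).st_dev && (a).st_ino == (b).st_ino)
/* Hypothetical helper, not FreeBSD's code: rebuild the cwd by walking ".."
 * and matching device/inode pairs. Returns 0, or -1 with errno set. */
int walk_getcwd(char *buf, size_t len)
{
    char dots[PATH_MAX] = ".", *p = buf + len;  /* path is built right to left */
    struct stat cur, up, st;
    struct dirent *de;
    DIR *d;
    size_t n;

    if (len < 2) { errno = ERANGE; return -1; }
    *--p = '\0';
    if (stat(dots, &cur) < 0) return -1;
    for (;;) {
        if (strlen(dots) + 4 > sizeof(dots)) { errno = ENAMETOOLONG; return -1; }
        strcat(dots, "/..");
        if (stat(dots, &up) < 0) return -1;           /* needs search (x) on the chain */
        if (SAME(cur, up)) break;                     /* ".." is itself: root reached */
        if ((d = opendir(dots)) == NULL) return -1;   /* needs read (r): EACCES here */
        for (n = 0; (de = readdir(d)) != NULL; )      /* find our name in the parent */
            if (strcmp(de->d_name, ".") && strcmp(de->d_name, "..") &&
                !fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) && SAME(st, cur)) {
                n = strlen(de->d_name);
                break;
            }
        if (n == 0 || (size_t)(p - buf) < n + 1) {    /* entry vanished or buf too small */
            closedir(d);
            errno = n ? ERANGE : ENOENT;
            return -1;
        }
        p -= n;
        memcpy(p, de->d_name, n);
        *--p = '/';
        closedir(d);
        cur = up;
    }
    if (*p == '\0') *--p = '/';                       /* cwd is the root itself */
    memmove(buf, p, strlen(p) + 1);
    return 0;
}
```

Each entry is checked with fstatat() rather than d_ino so that a mount point in the parent still matches the directory mounted on it.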