From owner-svn-src-stable-8@FreeBSD.ORG Sat Jan 23 22:11:03 2010 Return-Path: Delivered-To: svn-src-stable-8@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E648D106566B; Sat, 23 Jan 2010 22:11:03 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id BEA0D8FC12; Sat, 23 Jan 2010 22:11:03 +0000 (UTC) Received: from [192.168.2.102] (host86-179-176-160.range86-179.btcentralplus.com [86.179.176.160]) by cyrus.watson.org (Postfix) with ESMTPSA id 82AE746B5B; Sat, 23 Jan 2010 17:11:02 -0500 (EST) Mime-Version: 1.0 (Apple Message framework v1077) Content-Type: text/plain; charset=us-ascii From: "Robert N. M. Watson" In-Reply-To: <20091215013718.D984@besplex.bde.org> Date: Sat, 23 Jan 2010 22:10:58 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: <86386F14-AB22-47F9-A4B1-6EC8B90444B4@FreeBSD.org> References: <200912141219.nBECJLfJ026164@svn.freebsd.org> <20091215013718.D984@besplex.bde.org> To: Bruce Evans X-Mailer: Apple Mail (2.1077) Cc: svn-src-stable@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org, svn-src-stable-8@FreeBSD.org Subject: Re: svn commit: r200509 - stable/8/libexec/rtld-elf X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Jan 2010 22:11:04 -0000 On 14 Dec 2009, at 16:08, Bruce Evans wrote: > On Mon, 14 Dec 2009, Robert Watson wrote: >=20 >> Log: >> Merge r197808 from head to stable/8: >>=20 >> In rtld's map_object(), use pread(..., 0) rather than read() to = read the >> ELF header from the front of the file. As all other I/O on the = binary >> is done using mmap(), this avoids the need for seek privileges on = the >> file descriptor during run-time linking. >=20 > Doesn't/shouldn't pread() require seek privileges? It certainly uses = them. I think there are actually multiple notions of "seek": - Manipulation of the file descriptor offset, which occurs explicitly = with lseek(2) or implicitly with read(2)/write(2)/..., but not with = pread(2)/pwrite(2)/sendfile(2)/... - Underlying object offset, such as the current location of the head = relative to a tape in a tape drive, which will be manipulated implicitly = as IO requests go down the stack regardless of the file descriptor = offset changing For the purposes of our ongoing capability project, the right to seek = refers to changing the file descriptor offset, as in most instances = we're interested in, the underlying object is a file rather than a = special device. In particular, we want to be able to pass around = capabilities for key libraries (the runtime linker itself, libc, etc) = and share them between mutually untrusting processes, and not have the = file descriptor offset allow interference between them. Further confusing matters, we maintain file descriptor-level offsets for = some stream-oriented objects, such as tty's, but not others, such as = sockets. Robert=