Re: Have RESOLVE_* flags superseded AT_* flags for new syscalls?

From: David Howells
Date: Mon Mar 02 2020 - 10:23:33 EST

Next message: Pavel Begunkov: "Re: linux-next: build failure after merge of the keys tree"
Previous message: Dan Carpenter: "Re: [PATCH v1] media: staging: tegra-vde: Use devm_platform_ioremap_resource_byname()"
In reply to: Aleksa Sarai: "Re: Have RESOLVE_* flags superseded AT_* flags for new syscalls?"
Next in thread: David Howells: "Re: Have RESOLVE_* flags superseded AT_* flags for new syscalls?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Aleksa Sarai <cyphar@xxxxxxxxxx> wrote:

> My counter-argument is that most people actually want
> RESOLVE_NO_SYMLINKS (as evidenced by the countless symlink-related
> security bugs -- many of which used O_NOFOLLOW incorrectly), it just
> wasn't available before Linux 5.6.

I would quibble as to whether they actually want this in all situations.
There are some in which the difference in behaviour will conceivably break
things - though that's more the case for things like stat(), statx(), fsinfo()
and getxattr() where you might want to be able to query a specific symlink
than for openat2() where you almost always want to follow it (save O_PATH |
O_NOFOLLOW).

However, if you're okay with me adding, say, RESOLVE_NO_TERMINAL_SYMLINK and
RESOLVE_NO_TERMINAL_AUTOMOUNT, I can use these flags.

I don't want to have to allow both RESOLVE_* and AT_*.

David

Next message: Pavel Begunkov: "Re: linux-next: build failure after merge of the keys tree"
Previous message: Dan Carpenter: "Re: [PATCH v1] media: staging: tegra-vde: Use devm_platform_ioremap_resource_byname()"
In reply to: Aleksa Sarai: "Re: Have RESOLVE_* flags superseded AT_* flags for new syscalls?"
Next in thread: David Howells: "Re: Have RESOLVE_* flags superseded AT_* flags for new syscalls?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]