|
From: | Paul Eggert |
Subject: | Re: [PATCH] fchmodat, lchmod: port to buggy Linux filesystems |
Date: | Wed, 11 Mar 2020 01:03:57 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 |
On 3/10/20 12:30 PM, Florian Weimer wrote:
The glibc implementation needs /proc to avoid the race. There is no way around that, otherwise we introduce a security vulnerability.
It is unfortunate that we have dueling paranoia here. coreutils mknod is paranoid so it uses lchmod to avoid a race, and then glibc lchmod is paranoid so it refuses to work with lchmod unless /proc is mounted.
Since we apparently cannot avoid a race unless /proc is mounted, I suppose we could change gnulib lchmod to consider the current glibc behavior to be a bug, and to fall back on lstat+chmod when /proc is not mounted. This would fix coreutils and every other Gnulib-using program that uses lchmod or fchmodat. But on the whole it would be somewhat cleaner if glibc lchmod and fchmodat were merely documented to have races when /proc is not mounted; that'd be simpler than manually adjusting all programs that use glibc lchmod so that they all explicitly have races when /proc is not mounted.
[Prev in Thread] | Current Thread | [Next in Thread] |