|
From: | Paul Eggert |
Subject: | Re: [PATCH] fchmodat, lchmod: port to buggy Linux filesystems |
Date: | Wed, 11 Mar 2020 09:04:07 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 |
On 3/11/20 1:45 AM, Florian Weimer wrote:
I now wonder if neither gnulib nor glibc should pretend that they can implement lchmod and fchmodat on Linux in a usable fashion.
That ship sailed long ago for Gnulib, since it long emulated lchmod by using chmod (with no symlink check!), and Gnulib-using programs rely on this: some know about the lack of a symlink check and therefore have races of there own, whereas others don't know and have more-serious bugs. At the very least we can improve on this by adding a symlink check to Gnulib lchmod. There will still be races but some Gnulib-using programs will be better off than before.
Portable programs really need the ability to do lchmod to avoid races, and as lchmod works on non-Linux kernels we don't want to lose this capability.
I agree that Linux should have a proper lchmod system call. I am puzzled as to why this wasn't added long ago. I suppose the kernel folks thought that lchmod was nonsense because symlink permissions are nonsense, and missed the point that lchmod avoids races.
For glibc I think it'd be better to keep the change to lchmod and fchmodat. Problems occur only when /proc is not mounted, and the problems are the same as before the change so this is not a regression. However, I don't feel strongly about this.
[Prev in Thread] | Current Thread | [Next in Thread] |