See open(2) change for explanation.
Text for *at(2) pages is postponed.
Details
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Skipped - Unit
Tests Skipped - Build Status
Buildable 20494
Event Timeline
lib/libc/sys/open.2 | ||
---|---|---|
327โ330 | Note that this means that the sentence "The openat() function is equivalent to the open() function except in the case where the path specifies a relative path." is no longer true if O_BENEATH is specified. So the change to the man pages will need to be more extensive, describing that .Fa fd is always used when O_BENEATH is given. |
Man page updates.
Document absolute paths interaction with dirfd for O_BENEATH.
Correct cap mode restrictions for dotdots, and mention sysctls.
lib/libc/sys/open.2 | ||
---|---|---|
144 | escaping, will fix with the next patch upload. |
The man page seems to contain the right content now. I just have some English language comments.
lib/libc/sys/open.2 | ||
---|---|---|
104โ112 | Perhaps this is better as When .Fn openat is called with an absolute .Fa path without the .Dv O_BENEATH flag, it ignores the .Fa fd argument | |
115 | is specified with an absolute | |
139 | which cause the path resolution to escape the directory hierarchy? | |
149 | If the | |
153 | in capability mode | |
155 | are completely disabled | |
156 | If the |
lib/libc/sys/open.2 | ||
---|---|---|
151 | sysctl is actually sysctl(2), in the sense that it is a syscall, not just some library function. I think it is put into section 3 because other functions are put into the same man page. |
Just to be clear: this change only affects the use of O_BENEATH when not in capability mode, right? We wouldn't want to allow absolute path information (e.g., "is FD X somewhere under the path /foo/bar/baz/wibble?") to leak when a process is in capability mode...
Yes. I should have no change on the capability mode operations, BENEATH is mutually exclusive with it. You can see it in namei_handle_root(), first we check that the NI_LCF_STRICTRELATIVE flag is not set (AKA cap mode), then consider BENEATH.
Ping. If nobody comments/objects in 2-3 days, I am going to ask for stress2 run and commit this. Thanks.
fstatat(2) page update. This will be copied/pasted into all other *at(2) pages before commit.
lib/libc/sys/stat.2 | ||
---|---|---|
104 โ | (On Diff #50009) | "addition" -> "additional"? |
156 โ | (On Diff #50009) | I'm not entirely sure what this is saying... isn't the root directory the starting point for the resolution? Are you trying to say something like:
? |
lib/libc/sys/stat.2 | ||
---|---|---|
104 โ | (On Diff #50009) | Will fix in the next patch upload. |
156 โ | (On Diff #50009) | No. First, please look at the starting point definition in open(2). I tend to agree that the term is confusing since its meaning is taken by intuition. Second, no, it is not enough that the path pass through the directory, its tail after the last entry to the directory must not escape the hierarchy. |
I'd tend to call it a 'root directory' since that's what we call the base of a sub-tree in other contexts.
I think the modest overloading is better than making up words, but don't feel strongly.
OK, I am concerned with the code rotting, and do not want to hold it up for the man page changes. I am going to ask Peter for test and will commit only the code for now.
I also want to avoid the code rotting. Please commit with the current version of the man page and we can discuss the name for this directory after commit.