lib/libc/sys/open.2
Show First 20 Lines • Show All 111 Lines • ▼ Show 20 Lines | |||||
argument. | argument. | ||||
When | When | ||||
.Dv O_BENEATH | .Dv O_BENEATH | ||||
is specified with an absolute | is specified with an absolute | ||||
.Fa path , | .Fa path , | ||||
a directory passed by the | a directory passed by the | ||||
.Fa fd | .Fa fd | ||||
argument is used as the topping point for the resolution. | argument is used as the topping point for the resolution. | ||||
When | |||||
.Dv O_BENEATH | |||||
is specified with a relative path, the | |||||
.Fa fd | |||||
argument is used both as the starting point, and as the topping point | |||||
for the resolution. | |||||
See the definition of the | See the definition of the | ||||
.Dv O_BENEATH | .Dv O_BENEATH | ||||
flag below. | flag below. | ||||
.Pp | .Pp | ||||
In | In | ||||
.Xr capsicum 4 | .Xr capsicum 4 | ||||
capability mode, | capability mode, | ||||
.Fn open | .Fn open | ||||
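Review bot: The added sentence for the relative-path case calls fd the "topping point", while the flag table and the O_BENEATH description later on this page say "topping directory"; use one term throughout so readers do not assume two different concepts. The comma before "and as the topping point" can also go.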
▲ Show 20 Lines • Show All 50 Lines • ▼ Show 20 Lines | |||||
O_FSYNC synchronous writes | O_FSYNC synchronous writes | ||||
O_SYNC synchronous writes | O_SYNC synchronous writes | ||||
O_NOFOLLOW do not follow symlinks | O_NOFOLLOW do not follow symlinks | ||||
O_NOCTTY ignored | O_NOCTTY ignored | ||||
O_TTY_INIT ignored | O_TTY_INIT ignored | ||||
O_DIRECTORY error if file is not a directory | O_DIRECTORY error if file is not a directory | ||||
O_CLOEXEC set FD_CLOEXEC upon open | O_CLOEXEC set FD_CLOEXEC upon open | ||||
O_VERIFY verify the contents of the file | O_VERIFY verify the contents of the file | ||||
O_BENEATH require path to be strictly relative to topping directory | O_BENEATH require resolved path to be strictly relative to topping directory | ||||
O_RELATIVE_BENEATH require walked path to be strictly relative to topping directory | |||||
.Ed | .Ed | ||||
.Pp | .Pp | ||||
Opening a file with | Opening a file with | ||||
.Dv O_APPEND | .Dv O_APPEND | ||||
set causes each write on the file | set causes each write on the file | ||||
to be appended to the end. | to be appended to the end. | ||||
If | If | ||||
.Dv O_TRUNC | .Dv O_TRUNC | ||||
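Review bot: In the flag table, the O_BENEATH and O_RELATIVE_BENEATH rows differ only in "resolved path" versus "walked path", and neither term is defined at this point, so the table alone does not tell a reader that one flag checks where resolution ends up and the other checks every intermediate component. Suggest wording the new row closer to the description text, for example "require every component of path to stay beneath topping directory". The inline comment further down questions the flag name (O_RESOLVE_BENEATH), so this row has to follow whatever name is settled.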
▲ Show 20 Lines • Show All 111 Lines • ▼ Show 20 Lines | |||||
.Dq verified | .Dq verified | ||||
means is implementation specific. | means is implementation specific. | ||||
The run-time linker (rtld) uses this flag to ensure shared objects have | The run-time linker (rtld) uses this flag to ensure shared objects have | ||||
been verified before operating on them. | been verified before operating on them. | ||||
.Pp | .Pp | ||||
.Dv O_BENEATH | .Dv O_BENEATH | ||||
returns | returns | ||||
.Er ENOTCAPABLE | .Er ENOTCAPABLE | ||||
if the specified relative path, after resolving all symlinks and ".." | if the specified path, after resolving all symlinks and ".." | ||||
references, does not reside in the directory hierarchy of | references, does not end up with tail residing in the directory hierarchy of | ||||
children beneath the topping directory. | children beneath the topping directory. | ||||
Topping directory is the process current directory if relative | Topping directory is the process current directory if relative | ||||
.Fa path | .Fa path | ||||
is used for | is used for | ||||
.Fn open , | .Fn open , | ||||
and the directory referenced by the | and the directory referenced by the | ||||
.Fa fd | .Fa fd | ||||
argument when using | argument when using | ||||
.Fn openat . | .Fn openat . | ||||
If the specified path is absolute, | |||||
.Dv O_BENEATH | .Dv O_BENEATH | ||||
allows arbitrary prefix that ends up at the topping directory, | allows arbitrary prefix that ends up at the topping directory, | ||||
after which all further resolved components must be under it. | after which all further resolved components must be under it. | ||||
.Pp | .Pp | ||||
.Dv O_RELATIVE_BENEATH | |||||
returns | |||||
.Er ENOTCAPABLE | |||||
if any intermediate component of the specified relative path does not | |||||
reside in the directory hierarchy beneath the topping directory. | |||||
markj: I think you could combine the two sentences by writing, "if any intermediate component of the… | |||||
kib: I still think that the second sentence is useful, I added note about abs paths there.
Comparing to | |||||
.Dv O_BENEATH, | |||||
absolute paths or even the temporal escape from beneath of the topping | |||||
directory is not allowed. | |||||
.Pp | |||||
When | When | ||||
.Fa fd | .Fa fd | ||||
is opened with | is opened with | ||||
.Dv O_SEARCH , | .Dv O_SEARCH , | ||||
execute permissions are checked at open time. | execute permissions are checked at open time. | ||||
The | The | ||||
.Fa fd | .Fa fd | ||||
may not be used for any read operations like | may not be used for any read operations like | ||||
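Review bot: In the new O_RELATIVE_BENEATH paragraph, ".Dv O_BENEATH," has the comma attached to the macro argument, so it is formatted as part of the flag name; elsewhere the page writes ".Fa path ," and ".Dv O_SEARCH ," with the punctuation as a separate argument. In the same sentence, "temporal escape from beneath of the topping directory" should read "temporary escape from beneath the topping directory", and "Comparing to" reads better as "Unlike". The reworded O_BENEATH text "does not end up with tail residing in" is hard to parse; state which part of the path the tail is.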
▲ Show 20 Lines • Show All 197 Lines • ▼ Show 20 Lines | |||||
.Dv O_RDONLY , | .Dv O_RDONLY , | ||||
.Dv O_WRONLY , | .Dv O_WRONLY , | ||||
or | or | ||||
.Dv O_RDWR , | .Dv O_RDWR , | ||||
and | and | ||||
.Dv O_EXEC | .Dv O_EXEC | ||||
or | or | ||||
.Dv O_SEARCH . | .Dv O_SEARCH . | ||||
.It Bq Er EINVAL | |||||
The | |||||
.Dv O_RELATIVE_BENEATH | |||||
markj: Isn't it O_RESOLVE_BENEATH? Ditto in other man page changes.
flag is specified and | |||||
.Dv path | |||||
is absolute. | |||||
.It Bq Er EBADF | .It Bq Er EBADF | ||||
The | The | ||||
.Fa path | .Fa path | ||||
argument does not specify an absolute path and the | argument does not specify an absolute path and the | ||||
.Fa fd | .Fa fd | ||||
argument is | argument is | ||||
neither | neither | ||||
.Dv AT_FDCWD | .Dv AT_FDCWD | ||||
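Review bot: The new EINVAL entry marks the argument as ".Dv path", while the other entries in this list, including the EBADF one right after it, use ".Fa path" for the function argument; change it to ".Fa path". The entry should also carry the same flag name as the rest of the patch once the naming question raised inline is resolved.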
Show All 26 Lines | |||||
The | The | ||||
.Dv O_BENEATH | .Dv O_BENEATH | ||||
flag was provided, and the absolute | flag was provided, and the absolute | ||||
.Fa path | .Fa path | ||||
does not have its tail fully contained under the topping directory, | does not have its tail fully contained under the topping directory, | ||||
or the relative | or the relative | ||||
.Fa path | .Fa path | ||||
escapes it. | escapes it. | ||||
.It Bq Er ENOTCAPABLE | |||||
The | |||||
.Dv O_RELATIVE_BENEATH | |||||
flag was provided, and the relative | |||||
.Fa path | |||||
escapes topping directory. | |||||
.El | .El | ||||
.Sh SEE ALSO | .Sh SEE ALSO | ||||
.Xr chmod 2 , | .Xr chmod 2 , | ||||
.Xr close 2 , | .Xr close 2 , | ||||
.Xr dup 2 , | .Xr dup 2 , | ||||
.Xr fexecve 2 , | .Xr fexecve 2 , | ||||
.Xr fhopen 2 , | .Xr fhopen 2 , | ||||
.Xr getdtablesize 2 , | .Xr getdtablesize 2 , | ||||
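Review bot: The new ENOTCAPABLE entry says the relative path "escapes topping directory", which drops the article and states the condition more loosely than the description text, where the error is returned if any intermediate component leaves the hierarchy. Suggest "any intermediate component of the relative path does not reside beneath the topping directory", so the two sections agree and the entry is distinguishable from the O_BENEATH one just above, which also ends in "escapes it".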
▲ Show 20 Lines • Show All 49 Lines • Show Last 20 Lines |
I think you could combine the two sentences by writing, "if any intermediate component of the specified relative path does not reside in the directory hierarchy beneath the topping directory." IMO it is a bit clearer. It may be worth noting that absolute paths are not permitted.