extattr problems?

Tim Kientzle kientzle at freebsd.org
Mon Jan 12 08:44:52 PST 2009


Robert Watson wrote:
> On Sun, 11 Jan 2009, Tim Kientzle wrote:
> 
>> I think this one is a bug.  It appears that extattr_set_fd() obeys the 
>> permissions on the file, not the permissions of the descriptor.
> 
> Hmm.  Not clear.  EAs live in a slightly hazy world between data and 
> meta-data.  Normally you can perform operations like fchmod(2), which 
> are strictly meta-data operations, regardless of the flags of the file 
> descriptor they are performed on, subject to ownership/permissions.

You can always call fchmod() on a newly-created file.
But you cannot currently always call extattr_set_fd()
on a newly created file.  So extattr_set_fd() does not
currently behave like other metadata operations.

> With NFSv4 ACLs, where the right to change ACLs can be delegated, this 
> only becomes more true.  I've chosen to generally treat EAs as meta-data
> in this regard, where the file descriptor simply names the object rather 
> than as an access method as occurs with write(), etc.

Hmmmm....  Then what is the secure way to create a file with
no write permissions and EAs?  The policy you've adopted means
that you must open write permissions on the file even if the
final file should not have such permissions.

I'm also unclear about your reasoning here.  There are only
two ways to get a writable FD:  You have write permissions on
an existing file (or rather, *had* write permissions at the
time you opened it), or you've just created the file.  The
former case would seem to cover your concerns here; I see
no justification for disallowing the latter.

I'm especially unhappy about this in the case of tar
because it means I would have to introduce another system
call (an otherwise-redundant fchmod()) into the
performance-critical file creation path, not to mention
some rather ugly logic to modify modes on newly created
files if that file has extattrs and you're on FreeBSD.

>  How do other 
> systems handle this -- for example, Linux, with its notion of user vs. 
> system namespaces?

I need to do some more research here.  I'll let you know
what I find.

Tim
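
The workaround this message describes, written out as an added example (not code from the message, from tar, or from FreeBSD): create the file with owner-only write access, set the EA through the descriptor, then fchmod() down to the final mode. The names create_with_ea and set_user_ea are hypothetical, and the fsetxattr() branch is a Linux stand-in so the block also builds off FreeBSD.

```c
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/extattr.h>
#else
#include <sys/xattr.h>   /* Linux stand-in so the sketch builds off FreeBSD */
#endif

/* Set one user-namespace EA through the descriptor: 0 on success, -1 on error. */
static int set_user_ea(int fd, const char *name, const void *val, size_t len)
{
#ifdef __FreeBSD__
    return extattr_set_fd(fd, EXTATTR_NAMESPACE_USER, name, val, len) < 0 ? -1 : 0;
#else
    char full[256];
    snprintf(full, sizeof(full), "user.%s", name);
    return fsetxattr(fd, full, val, len, 0);
#endif
}

/*
 * Create path exclusively, attach the EA, then tighten to final_mode.
 * Returns 0 on success, 1 if the filesystem has no EA support (file is kept,
 * with final_mode), -1 on any other error (a file this call created is removed).
 */
int create_with_ea(const char *path, mode_t final_mode,
                   const char *name, const void *val, size_t len)
{
    int rc = 0;
    /* Setup mode: owner bits of final_mode plus u+w, nothing for group/other. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, (final_mode & 0700) | S_IWUSR);
    if (fd < 0)
        return -1;              /* includes EEXIST: never touch an existing file */
    if (set_user_ea(fd, name, val, len) != 0)
        rc = (errno == ENOTSUP || errno == EOPNOTSUPP) ? 1 : -1;
    /* The extra fchmod() the message objects to: drop write access afterwards. */
    if (rc >= 0 && fchmod(fd, final_mode) != 0)
        rc = -1;
    if (rc < 0)
        unlink(path);
    close(fd);
    return rc;
}
```

Because group and other bits stay clear until the final fchmod(), the file is never more widely accessible during setup than it is at the end.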

