svn commit: r200509 - stable/8/libexec/rtld-elf

Robert N. M. Watson rwatson at FreeBSD.org
Sat Jan 23 22:11:04 UTC 2010


On 14 Dec 2009, at 16:08, Bruce Evans wrote:

> On Mon, 14 Dec 2009, Robert Watson wrote:
> 
>> Log:
>> Merge r197808 from head to stable/8:
>> 
>>   In rtld's map_object(), use pread(..., 0) rather than read() to read the
>>   ELF header from the front of the file.  As all other I/O on the binary
>>   is done using mmap(), this avoids the need for seek privileges on the
>>   file descriptor during run-time linking.
> 
> Doesn't/shouldn't pread() require seek privileges?  It certainly uses them.

I think there are actually multiple notions of "seek":

- Manipulation of the file descriptor offset, which occurs explicitly with lseek(2) or implicitly with read(2)/write(2)/..., but not with pread(2)/pwrite(2)/sendfile(2)/...
- Underlying object offset, such as the current location of the head relative to a tape in a tape drive, which will be manipulated implicitly as IO requests go down the stack regardless of the file descriptor offset changing

For the purposes of our ongoing capability project, the right to seek refers to changing the file descriptor offset, as in most instances we're interested in, the underlying object is a file rather than a special device. In particular, we want to be able to pass around capabilities for key libraries (the runtime linker itself, libc, etc) and share them between mutually untrusting processes, and not have the file descriptor offset allow interference between them.

Further confusing matters, we maintain file descriptor-level offsets for some stream-oriented objects, such as ttys, but not others, such as sockets.

Robert
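
The file descriptor offset distinction in the message above, as an added example that is not part of the original email or of the FreeBSD commit: a header read with read(2) moves the offset seen through every descriptor sharing it, while pread(2) at offset 0 leaves it untouched. The scratch file, the sample header bytes and the function names are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample: ELF magic and ident bytes, zero-padded to 16 bytes. */
static const unsigned char SAMPLE_HDR[16] = { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0 };

/* Unlinked scratch file holding SAMPLE_HDR; pwrite() leaves the offset at 0. */
static int open_sample(void)
{
    char path[] = "/tmp/fdoff-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);
    if (pwrite(fd, SAMPLE_HDR, sizeof(SAMPLE_HDR), 0) == (ssize_t)sizeof(SAMPLE_HDR))
        return fd;
    close(fd);
    return -1;
}

/* Read the header via fd, then return the offset seen through a dup(2) of it
 * (dup'd, fork-inherited and passed descriptors all share one offset).
 * use_pread selects pread(fd, ..., 0) over read(fd, ...); -1 on error. */
static long peer_offset_after_header_read(int use_pread)
{
    unsigned char buf[sizeof(SAMPLE_HDR)];
    long seen = -1;
    int fd = open_sample();
    int peer = (fd < 0) ? -1 : dup(fd);
    if (peer >= 0) {
        ssize_t n = use_pread ? pread(fd, buf, sizeof(buf), 0)
                              : read(fd, buf, sizeof(buf));
        if (n == (ssize_t)sizeof(buf) && memcmp(buf, SAMPLE_HDR, sizeof(buf)) == 0)
            seen = (long)lseek(peer, 0, SEEK_CUR);
        close(peer);
    }
    if (fd >= 0)
        close(fd);
    return seen;
}

int main(void)
{
    printf("read():  peer offset %ld\n", peer_offset_after_header_read(0));
    printf("pread(): peer offset %ld\n", peer_offset_after_header_read(1));
    return 0;
}
```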

