Openat() and fexecve() committed
Kostik Belousov
kostikbel at gmail.com
Mon Mar 31 10:23:25 PDT 2008
On Mon, Mar 31, 2008 at 12:37:47PM -0400, David Schultz wrote:
> On Mon, Mar 31, 2008, Kostik Belousov wrote:
> > int main() {
> > int dfd = open("/tmp/foo", O_RDONLY);
> > int res;
> >
> > chmod("/tmp/foo", 0666);
> >
> > if (dfd != -1) {
> > res = openat(dfd, "bar", 0);
> > printf("OPENAT returns: %d, errno: %s\n", res, strerror(errno));
> > }
> >
> > }
> >
> > gives the error EACCESS on both Linux and FreeBSD, and succeeds on Solaris.
> > The Solaris behaviour seems to be specified in the document cited above.
> > There are arguments in support of the both observed behaviour.
>
> Doesn't the latter behavior make it possible to bypass the usual
> permission checks on open("bar") via openat(AT_FDCWD, "bar")?
No, the point is that in the second case the permissions are checked
at the open() time, instead of the second case, where the permissions
are checked at the openat() time.
This is the same as open()ing some file, e.g., for read, and then revoking
the r bit from the vnode. You still can read the file given code did not
closed the filedescriptor.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20080331/1e12a5f6/attachment.pgp
More information about the freebsd-current
mailing list