This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
O_EXEC and O_SEARCH
- From: Rich Felker <dalias at aerifal dot cx>
- To: libc-alpha at sourceware dot org
- Cc: musl at lists dot openwall dot com
- Date: Thu, 21 Feb 2013 19:45:40 -0500
- Subject: O_EXEC and O_SEARCH
Hi,
I'd like to have a conversation with the glibc team about O_EXEC and
O_SEARCH in the interest of hopefully developing a unified plan for
supporting them on Linux. Presumably the reason glibc still does not
have them is that Linux O_PATH does not exactly match their semantics
in some cases, and O_PATH is sufficiently broken on many kernel
versions to make offering it problematic. In particular, current
coreutils break badly on most kernel versions around 2.6.39-3.6 or so
if O_SEARCH and O_EXEC are defined as O_PATH.
Right now, we're offering O_EXEC and O_SEARCH in musl libc, defining
them as O_PATH. As long as recent Linux is used, this gives nearly
correct semantics, except that combined with O_NOFOLLOW they do not
fail when the final component is a symbolic link. I believe it's
possible to work around this issue on sufficiently modern kernels
where fstat works on O_PATH file descriptors, but adding the
workaround whenever O_PATH|O_NOFOLLOW is in the flags would change the
semantics when O_PATH is used by the caller rather than O_EXEC or
O_SEARCH, since the value is equal. I'm not sure this is desirable.
What should the long-term plan for supporting O_SEARCH and O_EXEC on
Linux be? Should we assume Linux is aiming for O_PATH to eventually
provide compatible semantics, and thus just define O_SEARCH and O_EXEC
as O_PATH? Or is there a need to define a different value (perhaps 3,
the unused access mode) for O_SEARCH and O_EXEC and have open/fcntl
remap it and handle workarounds for Linux semantics that don't match
the POSIX semantics?
Rich