Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp1238545imd; Sat, 27 Oct 2018 05:12:39 -0700 (PDT) X-Google-Smtp-Source: AJdET5fgUfO7nmjGwN5US0Zch0IUiTD/Cdfu3ZVQAAgUMjfboUu7kjCKpEv56DFse8nfCtOiaZhW X-Received: by 2002:a17:902:b08a:: with SMTP id p10-v6mr7181012plr.26.1540642359354; Sat, 27 Oct 2018 05:12:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540642359; cv=none; d=google.com; s=arc-20160816; b=k1xHDm0UoEt2/zOjuzpE4mnqcdBiPvwF7B/oa43hG1OdbroMlDXfqVNhD4xyMN4wTZ B1IpnGdVdJ0DdUNhWAHyPhXIB1sTFxYAobxToIw8kfDf8Re0fOiLsw+3UXq4iH3hDsh3 dIbrQcML0ajE5bwi5mjwNCo7yoewXvHVUoX8KqfnA0uAv7wluhFZYU9yObxLqoKcXoQW TpbUjYkisXpoi+4KBlEJVLZAvic0FxFeB7erqgl1UxtSLRWGzrf6vxp0g95kiZWlZxWr 7OsE1F8QnvFWE6xvgA5dIN+1g/dmgAJ6hJTi/eNAdBEX6ml1wQrNQ8bNSt0gG0dccFPm cnfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:message-id:subject:cc:to:from:date; bh=112FB4c2G43e9+uZ9CEkq5xNG+v+Ap1cj8WC3U58wQ4=; b=uvwMRNGiJL+vZ9k7bfgto+7wEgkkIT7a/cRv+tJZT+UEg6OTyQvjlkP+SaZmNyU04w a3oZcku2mXLe4PlY+Rx9gYx9qBKz58hMTWCIxuPjb7TXZgy/qOxTpPZcqNnYPWO5VIi9 5I1ZS7sSkcTzJDvYZKO00OiL7vJS0oOvXsnNEvu/nl3HVtKeqESEbh+QyEBYw7Omi96W dDK8igLr12EL56yYmV2TKoMuXyCA9D/X1fWph/NhamDAxI9a5kCFTRnZ0/JNqadeSPfU 2RSn64C+AJVqWLJzsdqrKONeQEoBVZien4CHI7AjQHqAmC5bN6tg2WoLOd1bRQhMFkEn e//w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v23-v6si14139438plo.182.2018.10.27.05.12.23; Sat, 27 Oct 2018 05:12:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728308AbeJ0Uwt (ORCPT + 99 others); Sat, 27 Oct 2018 16:52:49 -0400 Received: from mx2.freebsd.org ([8.8.178.116]:28359 "EHLO mx2.freebsd.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727723AbeJ0Uws (ORCPT ); Sat, 27 Oct 2018 16:52:48 -0400 Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mx1.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx2.freebsd.org (Postfix) with ESMTPS id 970F17FA3C; Sat, 27 Oct 2018 12:11:53 +0000 (UTC) (envelope-from emaste@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EFE708F0CF; Sat, 27 Oct 2018 12:11:52 +0000 (UTC) (envelope-from emaste@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1079) id DAADCCBF2; Sat, 27 Oct 2018 12:11:52 +0000 (UTC) Date: Sat, 27 Oct 2018 12:11:52 +0000 From: Ed Maste To: Aleksa Sarai Cc: David Drysdale , linux-kernel@vger.kernel.org Subject: : [PATCH v2 1/3] namei: implement O_BENEATH-style AT_* flags Message-ID: <20181027121152.GA70269@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181027075348.GN32577@ZenIV.linux.org.uk> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > What is the proposed semantic of O_BENEATH with absolute paths -- I > believe you don't have an openat(2) on FreeBSD (but please feel free to > correct me)? openat(2) is necessary for capability mode (since open(2) is not permitted), but it turns out it was actually added to FreeBSD earlier than that - the work was done by a student in the 2007 Google Summer of Code. From the proposed man page change: | If the specified path is absolute, O_BENEATH | allows arbitrary prefix that ends up in the starting directory, | after which all further resolved components must be under it. For open, and openat(AT_FDCWD), cwd is used as the top / starting directory. Once the absolute path traverses the "top" directory in namei all components must remain within. The proposed patch allows paths that perhaps enter, exit, and re-enter the hierarchy -- for example, if /a/b is the top then /c/d/../../a/b/file would be allowed. (If you're interested in taking a look the proposed change is available at https://reviews.freebsd.org/D17714 ) In capability mode absolute paths will always be disallowed.