Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAHGf_=oa5gW_1511i6Wi4nTHHdiUaeLXucT+mr-76MFVqRm7rw@mail.gmail.com>
Date: Sat, 23 Feb 2013 00:01:39 -0500
From: KOSAKI Motohiro <kosaki.motohiro@...il.com>
To: Rich Felker <dalias@...ifal.cx>
Cc: libc-alpha <libc-alpha@...rceware.org>, musl@...ts.openwall.com
Subject: Re: O_EXEC and O_SEARCH

> 1. Try to open with O_RDONLY. If it succeeds, we're done. This is
> REALLY nice because it means O_SEARCH and O_EXEC "just work" even on
> ancient or broken kernels as long as the target file is readable.

Hmm..
This algorithm seems slightly strange to me. Why do you want to try O_RDONLY at
first?
O_RDONLY require read permission and O_SEARCH, if i understand correctly,
doesn't.
I think you should try O_PATH at first.

>
> 2. Else, add O_PATH and try again. If it still fails, we have a
> pre-2.6.39 kernel and there's nothing we can do, so just report
> failure.
>
> 3. If open succeeds with O_PATH, then if O_NOFOLLOW is also specified,
> check fstat, and close the file and report error if fstat succeeded
> and the obtained fd was a symbolic link.
>
> 4. If fstat failed, we have a buggy kernel, so either close and report
> an error, or just ignore the failure (possibly ignoring the
> requirements of O_NOFOLLOW), as there seems to be no way to handle it
> correctly on such kernels.
>
> If the kernel developers ever add O_SEARCH/O_EXEC at the kernel level
> with our proposed value of 3, a step 0, just passing the value to the
> kernel directly and seeing if it works, could also be added.
>
> Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.